RISKS

What happened

Mailchimp says it was hacked again and that data belonging to 133 of its customer accounts was exposed. It is the second time the company has been breached in less than a year, and this incident appears almost identical to the previous one.

In a blog post, the Intuit-owned company said that on January 11 its security team detected an intruder accessing one of the internal tools used by Mailchimp customer support and account administration, though the company did not say how long the intruder had been inside its systems. Mailchimp said the attacker targeted its employees and contractors with a social engineering attack, in which someone uses manipulation by phone, email or text to obtain private information such as passwords. The attacker then used those compromised employee credentials to gain access to data on 133 Mailchimp accounts. Mailchimp says it has notified the affected account holders.

One of those targeted accounts belongs to e-commerce giant WooCommerce. In a note to customers, WooCommerce said Mailchimp notified it a day later that the breach may have exposed the names, store web addresses and email addresses of more than 5 million of its customers, though it said no customer passwords or other sensitive data were taken.

Last April, Mailchimp said it was the victim of a social engineering attack that compromised the credentials of customer support staff, granting the intruder access to Mailchimp’s internal tools. In that breach, data on some 214 Mailchimp accounts was compromised, mostly accounts belonging to cryptocurrency and finance-related companies. Cloud giant DigitalOcean confirmed that its account was compromised in the incident and harshly criticized Mailchimp’s handling of the breach. At the time, Mailchimp stated it had implemented “an additional set of enhanced security measures,” but declined to say what those measures were.

Why is this important?

A 2022 Cymulate survey found that two-thirds of companies that had been hit by cybercrime in the past year had been hit more than once. Insanity is doing the same thing again and again and hoping for a different result!

What does this mean to me?

A security risk assessment can identify the cyber risks your organization faces and what to do about them, closing the loop on potential vulnerabilities. In addition, cyber security awareness training is key to teaching your employees the “red flags” that signal phishing or other social engineering attempts. Training alone will not stop every lure, however; in both Mailchimp incidents the attacker walked in with stolen employee credentials, so controls that do not depend on a person spotting the trick, such as phishing-resistant multi-factor authentication and tight access limits on internal support and administration tools, matter just as much. Finally, a strong incident response plan (IRP) enables your organization not only to handle incidents when they occur, but also to target security measures so the same incident does not happen twice.

APPROACHES

Helpful Controls

Commonality of attack

High

Article on story

Mailchimp says it was hacked — again

HALOCK Security Briefing Archives: Updates on cybersecurity trends, threats, legislation, reasonable security, and more that impact your risk management program.
