MailChimp has fallen victim to a social engineering attack that threat actors successfully carried out against its employees and contractors.
MailChimp detected the attack on January 11th after discovering an unauthorized person accessed their support tools.
Hackers managed to obtain employee credentials and gain access to an internal customer support and account administration tool. The attack affected the data of 133 customers.
Since the investigation is still ongoing, MailChimp preferred not to reveal further details on the attack.
The information obtained by hackers includes names, store URLs, addresses, and email addresses that might be used in phishing attacks.
The widely used WooCommerce eCommerce plugin for WordPress is one of the victims. Its customers were notified that their names, store URLs, addresses, and emails were exposed as a result of the MailChimp breach.
No sensitive information, such as passwords and payment data, was leaked.
This is the second time in the last half of the year that the company has been breached. A similar attack succeeded in August 2022, when the company's employees were tricked with phishing techniques, giving the hackers access to 214 MailChimp accounts; at that time, they went for cryptocurrency-related customers.