
On January 11th, the Mailchimp Security team discovered that an unauthorised individual had gained access to one of the tools used by customer-facing teams for customer support and account administration. This access was achieved through a social engineering attack on Mailchimp employees and contractors. As a result, the attacker was able to access a limited number of Mailchimp accounts using employee credentials that were compromised during the attack.

Their investigation has revealed that this targeted incident was limited to 133 Mailchimp accounts and there is no indication that this compromise has affected Intuit systems or customer data beyond these Mailchimp accounts.

In response to this incident, they immediately took action to protect their users’ data by temporarily suspending account access for any Mailchimp accounts where they detected suspicious activity. They also notified the primary contacts for all affected accounts within 24 hours of the initial discovery. Those affected later received another email from the Mailchimp Security team containing instructions to help them reinstate their accounts, answer questions and provide any additional support required.

WooCommerce, which builds and maintains open source e-commerce tools for small businesses, was one of the accounts targeted. In a notification to their customers, WooCommerce said that Mailchimp Security had notified them about the breach and that their customers’ names, email addresses and store addresses may have been exposed. They assured customers that no passwords, payment details or other sensitive data were taken.

Mailchimp advises anyone with questions about a notice they received, or about the incident in general, to reach out to ciso@mailchimp.com.
