A new data exposure at email marketing platform MailChimp led to the compromise of information belonging to 133 customers. The leak followed a social engineering attack carried out by cybercriminals against company employees, which exposed access credentials to internal administration tools and, in turn, user data.
In addition to internal employees, MailChimp also reports social engineering attacks against third parties. The attack was detected on January 11, when unauthorized access to the company’s systems was identified, originating from support tools. The improper access was suspended, and the email marketing company also placed restrictions on other accounts that may have been compromised.
Meanwhile, the process of alerting customers affected by the breach began, with the company describing actions taken less than 24 hours after the initial intrusion. MailChimp also claims that sensitive data, such as passwords, credit card details and other financial information, was not accessed, while an investigation into what actually happened is ongoing.
More details about what happened, however, came in an email sent to affected users. Users of the WooCommerce e-commerce system, for example, were warned about the exposure of names, emails, addresses and URLs of online stores, with the platform also stating that there is no evidence that the data obtained was used maliciously in any way against its customers.
“WooCommerce users received this email as a report of a data leak in MailChimp.”
However, there is a warning about the risk of phishing scams targeting users of MailChimp and other targeted services. Criminals can impersonate the email platform itself or other companies to distribute malware or malicious links in an attempt to obtain more information or financial assets. Attention to incoming messages and emails is therefore essential at this time.
This is the second similar case to hit MailChimp in less than a year. In April 2022, the exposure of information from around 100 users led to scams targeting cryptocurrency owners, with the aim of obtaining wallet credentials to steal funds. The false notification was sent in the name of the company itself, instructing recipients to download a new version of the official app, with a link that led to a phishing site.