E-mail marketing and newsletter service Mailchimp said it was hacked and that customer accounts were accessed, in the second such attack in less than a year.
Intruders compromised a tool used by the company’s customer support and account administration teams on 11 January, the company wrote in a blog post updated on Tuesday evening.
“The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” the company said, adding that as of Tuesday evening it believed the attack was limited to 133 accounts. Mailchimp said it suspended access to the compromised accounts and notified account owners of the breach the day following the hack.
Mailchimp is owned by global technology platform Intuit, which also owns TurboTax, QuickBooks and Credit Karma. “There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” according to the blog.
Mailchimp was affected by a similar data attack last year in which hackers breached approximately 300 accounts and exported audience data from 102 of those. The marketing service best known for its e-mail newsletter program had 2.4 million monthly active users and 800 000 paid customers as of October 2022, according to Bloomberg Intelligence.
A Mailchimp account used by e-commerce giant WooCommerce was one of the targets in last week’s hack, TechCrunch reported.
Read: LastPass hacking incident worse than feared
WooCommerce said no customer passwords or other sensitive data was compromised, but names, store addresses and e-mail addresses of its customers may have been exposed, TechCrunch reported. WooCommerce didn’t immediately reply to requests for comment. — Lucy Papachristou, (c) 2023 Bloomberg LP