
Lessons learned from the Mailchimp breach

May 28, 2022

From the SecureMac website

In late March, the email marketing platform Mailchimp suffered a breach, exposing an unknown number of people to phishing attacks. The incident contains some valuable cybersecurity lessons for everyday users. 

The Mailchimp data breach

The breach at Mailchimp was the result of a social engineering attack on company employees, according to tech news site BleepingComputer. The employees gave the hackers their account credentials, which allowed the attackers to access an internal Mailchimp tool used by “customer-facing teams for customer support and account administration”.

The Mailchimp admin tool allowed the bad actors to view account data and export mailing lists from hundreds of customer accounts. They also stole the API keys for a number of accounts. In the wrong hands, an API key can be used to send spoofed emails that appear genuine.

* * * * * * * * * * * * * *

Be careful the next time a Mailchimp survey appears in your email.
