The Atlanta Journal-Constitution

Atlanta-based tech giant Mailchimp hit with second hack in 10 months

133 accounts exposed, but no credit card or password info leaked.

- By Zachary Hansen zachary.hansen@ajc.com

Mailchimp, one of Atlanta’s largest technology companies, was the victim of a hacking attempt that compromised accounts for more than 100 customers.

The email marketing organization owned by Intuit announced the security breach last week in a company blog post. A hacker gained access to the company’s customer support and account administration systems Jan. 11, exposing information for 133 Mailchimp accounts. It’s the second time since March that Mailchimp’s systems were hacked, compromising its customers’ data.

A Mailchimp spokesperson told The Atlanta Journal-Constitution the hackers were not able to obtain credit card or password information during the most recent incident.

“Our investigation into the matter is ongoing, and includes identifying measures to further protect our platform,” the spokesperson said in an emailed statement. “For operational security reasons, we are not publicly commenting on actions we are taking.”

According to the blog post, the hacker used a “social engineering attack” — which can include tactics such as email phishing — on Mailchimp employees and contractors in order to gain access to the internal account. Mailchimp said there’s no evidence the hack affected the systems of Intuit, which acquired Mailchimp in 2021 for $12 billion.

The affected accounts were temporarily suspended once the hack was detected, the blog post said. The impacted companies were notified Jan. 12 and were given instructions on how to safely reinstate their accounts.

“We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration,” the blog post said. “We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process.”

Mailchimp declined to name any of the impacted customers, but TechCrunch reported Wednesday California-based e-commerce company WooCommerce was among the compromised accounts. The company said the attack exposed its customers’ names and email addresses, but no sensitive data was taken.

In March, Mailchimp sustained a similar attack in which hackers used an internal tool to steal data from more than 100 clients, which mostly consisted of cryptocurrency and finance organizations, according to multiple media reports. The Verge reported more than 300 accounts were targeted, but hackers were only able to obtain data from 102.
