The email service provider has suffered a security breach, compromising more than 200 accounts including some belonging to cloud and VPN provider DigitalOcean.
Mailchimp said the attack – which apparently occurred earlier this month – targeted its customers in the cryptocurrency industry, forcing it to suspend accounts it suspects of having been hijacked by black-hat hackers, pending further investigation. It claims the action was necessary to protect client data.
“Across the tech industry, malicious actors are increasingly deploying an array of sophisticated phishing and social engineering tactics targeting data and information from crypto-related companies,” said Mailchimp.
DigitalOcean issued a statement this week saying it had detected a breach of its Mailchimp account on August 8, although it claimed only “a small number” of its customers experienced attempted hijacking of their email accounts via remote password resetting.
Of more apparent concern to the cloud giant was the disruption to its services caused by the account suspensions Mailchimp imposed in response to the breach.
“Transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers’ inboxes,” said DigitalOcean. “This was discovered by an internal test run by engineering teams to monitor the health of our signup process. We quickly discovered our Mailchimp account had been suspended, with no access, and no other information being provided by Mailchimp.”
It added: “This meant email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails were not reaching their destination.”
More of this to come, warns expert
Matt Chiodi, chief trust officer at secure identification provider CERBY, believes that Mailchimp’s 11 million customers can expect to be baited with social engineering scams over the next few weeks, as crooks seek to capitalise on the disclosed breach.
“All of Mailchimp’s active customers should expect a surge in phishing attempts over the next few weeks specifically targeted to their industry – criminals now have intimate knowledge of how they communicate with customers,” he said.
Chiodi added that six in ten cloud-based businesses share a key weakness with Mailchimp in that they do not use single sign-on (SSO), a centralised authentication service that lets users sign in once to reach multiple applications, and that this weakness will be exploited by cybercriminals if left unchecked.
“Instead of going after the crown jewels directly, criminals go through the back door – breaking in through these cloud applications that don’t support common security standards,” he said, urging businesses to adopt “two-factor authentication universally, with no exceptions.”