Marketing automation platform and email marketing service Mailchimp has disclosed that the platform was hacked.
The company's security team disclosed that an intruder was detected last week accessing one of the internal tools used by its customer support and account administration teams.
The hacker reportedly targeted Mailchimp employees and contractors with a social engineering attack, using manipulation techniques to obtain private information such as passwords.
Mailchimp disclosed that the hacker used the compromised employees' passwords to gain access to data on 133 Mailchimp accounts, whose owners the company notified of the intrusion.
The company also announced that the hacker compromised the account of Yuga Labs, a blockchain technology company that develops NFTs and digital collectibles; the company has confirmed that the NFTs are safe.
Yuga Labs took to Twitter to notify users of the compromise of its Mailchimp account, saying that it had only used the service a few times and for limited purposes but wished to share the information out of caution.
The company (@yugalabs) wrote on Twitter on January 19, 2023:
“We recently learned that Mailchimp, a popular email platform, had a data breach and our account was one of many compromised. We have only used that service a few times, and for limited purposes, but out of an abundance of caution we wanted to share what we know.
“Important note: The data contained in our Mailchimp account was information from a couple of email campaigns involving a limited number of people. Mailchimp is strictly used for email communications, not mints.
“Next steps: We are continuing to look into this matter and will contact you from a Yuga Labs email address (@yugalabs.io) if we believe your data may have been impacted by this Mailchimp breach.
“In the meantime: Stay safe and vigilant. As a reminder, there will be no surprise mints and we will never DM you requesting sensitive information. Announcements should always be cross-checked with the Yuga News site news.yuga.com and the brand channels”.
One of the targeted accounts belongs to e-commerce giant WooCommerce, a flexible open-source software solution built for WordPress-based websites.
In a note to its customers, WooCommerce said it was notified by Mailchimp a day later that the breach may have exposed the names, store web addresses, and email addresses of its customers, though it said no customer passwords or other sensitive data was taken.
Recall that on March 26, Mailchimp identified a malicious actor accessing a tool used by its customer support and account administration teams.
The company disclosed that access was gained following a successful social engineering attack, a type of attack that exploits human error and uses manipulation techniques to gain private information, access, or valuables.