cyber Breach

Intuit Mailchimp

May 11, 2023 1 min read
Intuit Mailchimp

MailChimp fell victim to a social engineering attack that threat actors successfully performed on the company`s employees and contractors.

Hackers managed to obtain employee credentials and gained access to an internal customer support and account administration tool which affected the data of 133 customers.

The information obtained by hackers only includes names, store URLs, addresses, and email addresses, which are still enough for threat actors to launch phishing attacks.

Source: https://heimdalsecurity.com/blog/mailchimp-data-breach-social-engineering/

TPRM report: https://scoringcyber.rankiteo.com/company/intuitmailchimp

"id": "int20719123",
"linkid": "intuitmailchimp",
"type": "Breach",
"date": "01/2023",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 133,
                        'industry': 'Email Marketing',
                        'name': 'MailChimp',
                        'type': 'Company'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': 133,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['names',
                                              'store URLs',
                                              'addresses',
                                              'email addresses']},
 'description': 'MailChimp fell victim to a social engineering attack that '
                "threat actors successfully performed on the company's "
                'employees and contractors. Hackers managed to obtain employee '
                'credentials and gained access to an internal customer support '
                'and account administration tool which affected the data of '
                '133 customers. The information obtained by hackers only '
                'includes names, store URLs, addresses, and email addresses, '
                'which are still enough for threat actors to launch phishing '
                'attacks.',
 'impact': {'data_compromised': ['names',
                                 'store URLs',
                                 'addresses',
                                 'email addresses'],
            'systems_affected': ['internal customer support and account '
                                 'administration tool']},
 'motivation': 'Data theft for potential phishing attacks',
 'title': 'MailChimp Social Engineering Attack',
 'type': 'Social Engineering Attack',
 'vulnerability_exploited': 'Human vulnerability through social engineering'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.