Mailchimp suffers third breach in 12 months

By Alex Scroxton for ComputerWeekly
Thursday, January 19, 2023

ImmuniWeb founder Ilia Kolochenko said: “The unauthorised access to 133 customer accounts is a very insignificant security incident for such a large company as Mailchimp.

“Transparent disclosure of the incident rather evidences a well-established DFIR process and high standards of ethics at Mailchimp, as most businesses of similar size will likely try to find a valid excuse to avoid mandatory disclosure prescribed by law or imposed by contractual duties.”

Kolochenko added that the supposed attack vector was an exceedingly efficient one, claiming multiple victims all the time, with even the best multi-layered defences and advanced controls frequently ineffective against an honest mistake. He said Mailchimp had clearly detected and contained the problem quickly, given the customer support agent or agents compromised would have certainly had access to the data of many more customers.

One organisation known to have been affected in the latest attack is WooCommerce, an open source e-commerce platform used by independent micro retailers, which notified its customers shortly after.
