(Bloomberg) — The email marketing company Mailchimp said its network was breached following a social engineering attack.
An intruder viewed 319 Mailchimp accounts and audience data was exported from 102 of them, Siobhan Smyth, chief information security officer, said in a statement. Mailchimp software is used by publishers and companies to compose newsletters and send promotional messages to customers. Smyth didn’t identify the clients affected.
Mailchimp’s security team became aware that a malicious actor had accessed an internal tool used by customer-facing teams for support and account administration, Smyth said. The attacker conducted a successful social engineering attack on Mailchimp employees, resulting in credentials being compromised, she said.
The hacker on April 2 attempted to send a phishing campaign to a user’s contacts with details they obtained in a March 26 incident, the company said.
“Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance,” Smyth said.
Mailchimp has since received reports that the hacker was using the information obtained from user accounts to send phishing campaigns to their contacts.
Intuit Inc., the maker of TurboTax and QuickBooks software, acquired Mailchimp for $12 billion in cash and stock last year.
(Updated throughout to include details released by Mailchimp.)
©2022 Bloomberg L.P.