Mailchimp suffers third breach in 12 months
Thursday, January 19, 2023
ImmuniWeb founder Ilia Kolochenko said: “The unauthorised access to 133 customer accounts is a very insignificant security incident for such a large company as Mailchimp.
“Transparent disclosure of the incident rather evidences a well-established DFIR process and high standards of ethics at Mailchimp, as most businesses of similar size will likely try to find a valid excuse to avoid mandatory disclosure prescribed by law or imposed by contractual duties.”
Kolochenko added that the supposed attack vector was an exceedingly efficient one, claiming multiple victims all the time, with even the best multi-layered defences and advanced controls frequently ineffective against an honest mistake. He said Mailchimp had clearly detected and contained the problem quickly, given the customer support agent or agents compromised would have certainly had access to the data of many more customers.
One organisation known to have been affected in the latest attack is WooCommerce, an open source e-commerce platform used by independent micro retailers, which notified its customers shortly after. Read Full Article
Infosecurity Magazine: FTX: Over $400m Stolen from Bankrupt Exchange
IT World Canada: Hacker defaces website of firm supplying apps to police, may have stolen data