Mailchimp suffers social engineering attack, says breach exposed customer data

Mass email and marketing automation platform Mailchimp has confirmed that it was hacked on January 11, with bad actors gaining access to information from 133 accounts. The data can potentially be used to send account owners unsolicited ads or targeted phishing attacks.

The company said in a blog post that its security team detected an “unauthorised actor” accessing one of its internal tools used by Mailchimp customer-facing teams for customer support and account administration. This actor had conducted a social engineering attack on Mailchimp employees, obtaining access to Mailchimp accounts using employee credentials compromised in that attack.