This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.
It was reported that the threat actor was able to breach Mailchimp’s systems by social engineering Mailchimp employees. A company spokesperson indicated that the attack was targeted at users in “industries related to cryptocurrency and finance.” It was also reported that the threat actor was using information from the hacked accounts to send out phishing emails.
This data breach underscores for companies how important it is to conduct regular employee training that warns users not to click on suspicious links in emails and, for individuals, to implement multi-factor authentication for access to critical financial accounts.