MailChimp, an American marketing automation platform and email marketing service, was breached for the second time this year. The first breach was disclosed in April when MailChimp revealed that an attacker gained control of the company’s internal tooling as a result of a phishing attack against an employee. The attacker then used these tools to breach clients with cryptocurrency ties. In the latest breach, Mailchimp’s internal tooling was again compromised and used to target MailChimp clients tied to cryptocurrency. DigitalOcean’s MailChimp account was also compromised.
DigitalOcean uses their account to perform password resets, send email confirmations, and to send alerts to customers. As a result of this account being compromised, the email addresses of numerous DigitalOcean clients were exposed, allowing the attackers to perform password resets on their accounts. DigitalOcean has since cut ties with MailChimp as a result of this breach. MailChimp has indicated that any additional accounts that were involved in the attack have since been locked and additional security measures have been put in place.
Analyst Notes
This is the latest example of attackers attacking weak links in the supply chain, rather than attacking the company themselves, and highlights the importance of choosing vendors who are security aware, as well as understanding the importance of multi-factor authentication (MFA). The end-user accounts that were compromised through password resets would have benefitted from the use of MFA.
https://www.bleepingcomputer.com/news/security/new-mailchimp-breach-exposed-digitalocean-customer-email-addresses/
