Mailchimp has suffered a data breach for the second time in less than six months. The breach has exposed information of over 130 Mailchimp account holders. This breach appears to be almost identical to the breach that was suffered previously. Mailchimps’ security team detected an intruder on January 11 and noticed they’d accessed one of its internal tools. It was not stated for how long the intruder had access to the system. Since the threat actor was able to access Mailchimp accounts, this also led to other companies, being impacted, one of those being WooCommerce. In a note to customers, WooCommerce said it was notified by Mailchimp a day later that the breach may have exposed the names, store web addresses and email addresses of its customers, though it said no customer passwords or other sensitive data was taken. WooCommerce is said to have more than five million customers. The totality of the breach has not yet been revealed, but it could prove to be large.
After the first breach was suffered, Mailchimp stated they’d be reassessing their security posture and making changes. Now that a second breach has occurred, it’s unclear if they did not take these steps, or their new defenses simply failed. Taking preventative security measures can go a long way and save valuable time, money, and reputation. Cyber attacks are not slowing down anytime soon, so it’s advised that companies that have not taken the next steps to better protect themselves, do so.