"MailChimp Discloses New Breach After Employees Got Hacked"

Hackers gained access to an internal customer support and account administration tool at the email marketing provider MailChimp, allowing threat actors to access the data of 133 customers. According to MailChimp, the attackers obtained employee credentials using a social engineering attack against Mailchimp employees and contractors. The hack was detected on January 11, when MailChimp discovered an unauthorized user accessing their support resources. The popular WooCommerce eCommerce plugin for WordPress is one of the customers affected by this attack. WooCommerce notified customers via email that the MailChimp breach had exposed their names, store URLs, addresses, and email addresses. While WooCommerce claims there is no evidence that the stolen data was misused, threat actors typically use this type of data in targeted phishing campaigns to steal credentials or spread malware. This article continues to discuss the MailChimp data breach. 

Bleeping Computer reports "MailChimp Discloses New Breach After Employees Got Hacked"