The Mailchimp Security team has identified a bad actor accessing one of its tools, according to an announcement updated by Mailchimp on Tuesday.
The unauthorized actor “conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” The incursion was discovered on January 11.
But the company says only 133 Mailchimp accounts were affected, and there is “no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.”
The email provider continues, “After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data. We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.”
Mailchimp apologized for the episode.
Last week, Solana Foundation, the non-profit organization of the Solana anti-blockchain censorship network, disclosed a security incident involving Mailchimp.
The foundation reported that “the affected information may have included, inter alia, email addresses, names, and Telegram usernames, in each case only to the extent users provided any such information.”
In December, cybersecurity firm CloudSEK charged that Mailchimp, Mailgun and SendGrid put over 54 million mobile app users at risk worldwide.