Intuit-owned email marketing firm Mailchimp had its systems breached for the second time in six months, resulting in the compromise of data from 133 customers, according to TechCrunch.
Threat actors launched a social engineering attack against Mailchimp's employees and contractors to obtain employee passwords, which were then used to access data from Mailchimp customers, including major e-commerce platform WooCommerce.
WooCommerce told its customers that Mailchimp had informed it that their names, store web addresses, and email addresses may have been compromised in the incident. However, the breach did not impact customer passwords or other sensitive data.
The attack comes after Mailchimp reported being hit by a social engineering attack in August, which impacted 214 accounts, including the account of major cloud provider DigitalOcean.
While Mailchimp said that additional security measures were implemented following that incident, the nearly identical new attack has raised questions about the adoption of those measures.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Microsoft said that four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative have either been addressed or do not need immediate servicing, because they require authentication, which would significantly reduce their odds of being exploited, SecurityWeek reports.