Intuit-owned email marketing firm Mailchimp had its systems compromised for the second time in six months, resulting in the compromise of data from 133 customers, according to TechCrunch.
Threat actors launched a social engineering attack against Mailchimp's employees and contractors to obtain employee passwords, which were then used to access data from Mailchimp customers, including major e-commerce platform WooCommerce.
WooCommerce reported to customers that it was informed by Mailchimp that its customers' names, store web addresses, and email addresses may have been compromised by the incident. However, the breach did not impact customer passwords and other sensitive data.
Such an attack comes after Mailchimp reported being hit by a social engineering attack in August, which impacted 214 accounts, including the account of major cloud provider DigitalOcean.
While Mailchimp said that additional security measures have been implemented following the incident, the nearly identical new attack has brought upon questions regarding the adoption of such measures.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news