DigitalOcean Leaves Mailchimp After Email Security Scare

Two-factor authentication worked to keep DigitalOcean's customers secure despite the data breach, the company says.

Cloud infrastructure provider DigitalOcean is leaving the email services provider Mailchimp, saying that the service was compromised in a suspected cyber attack.

Mailchimp disclosed the incident to DigitalOcean, and it believes the attacker compromised its internal tooling, gaining access to DigitalOcean customer email addresses. But, thanks to two-factor authentication, the attacker was unable to progress further.

The entire incident demonstrates the dangers of vulnerable business supply chains: Your own business could easily lose its reputation if a service it relies on heavily suffers a cyber attack.

What Happened? A Security Vulnerability Timeline

On August 8, DigitalOcean noticed that emails sent through Mailchimp weren’t reaching customers: Their account had been suspended.

Around the same time, DigitalOcean’s Security Operations team heard from a customer who said their password had been reset without their involvement. They put two and two together:

“Recognizing a likely connection between our sudden loss of transactional email, and potentially malicious password resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage.” – DigitalOcean

On August 10, Mailchimp confirmed unauthorized access to their account and others. On their end, DigitalOcean found no attempts to access customer accounts through email after August 7. They’re still moving “critical services” away from Mailchimp in response.

DigitalOcean also said that it suspected the attack was aimed specifically at crypto and blockchain businesses, an area that it provides infrastructure solutions for.

Still, that doesn’t mean non-crypto services are safe. Phishing attacks are on the rise, and can do plenty of damage if your business doesn’t have the right precautions in place.

Preventative Measures Your Business Could Take

The biggest move to keep your business’s nose clean here is to check and double-check your security standards. For Mailchimp in particular, just one specific question could have helped: Do all the software services your employees use offer Single Sign-On (SSO)?

SSO is a risk-mitigation process, as it lets employees sign into multiple services with one set of login credentials. This stops each and every third-party service from storing its own external database of all its clients’ user passwords. That’s a big deal — any databases that store passwords used by employees at a huge number of businesses is to a hacker what banks full of bags with dollar signs are to robbers in masks and black-and-white striped shirts.

Two-factor user authentication is another security standard that will help business software users protect their data and their business. It saved DigitalOcean’s customers in this case, as the attacker never proceeded past the second authentication step: controlling the email inbox was enough to trigger a password reset, but not enough to complete one.
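The flow the article describes, as an added example rather than code from DigitalOcean or Mailchimp: a password reset whose link goes out by email (so anyone who can read the inbox captures it), but which is only accepted together with a valid time-based one-time code (TOTP, RFC 6238) bound to the account. The class name, the audit event strings and the constructed account data are assumptions for the demo; the TOTP routine follows the RFC and is checked against one of its published test vectors.

```python
"""Password reset that an email-only attacker cannot complete (added example)."""
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", int(for_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_valid(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, now + 30 * d), code)
               for d in range(-window, window + 1))


class PasswordResetService:
    """Hypothetical account service; models only the reset path relevant here."""
    TOKEN_TTL = 600  # seconds a reset link stays valid

    def __init__(self):
        self.users = {}    # email -> {"password": str, "totp_secret": bytes}
        self.tokens = {}   # reset token -> (email, expiry)
        self.audit = []    # constructed security events a SOC would want to see

    def register(self, email: str, password: str) -> bytes:
        secret = secrets.token_bytes(20)
        self.users[email] = {"password": password, "totp_secret": secret}
        return secret  # in practice shown once, as a QR code, to the user's authenticator app

    def request_reset(self, email: str, now: int) -> str:
        """Issue the reset link. Whoever can read the inbox sees this value."""
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (email, now + self.TOKEN_TTL)
        self.audit.append(("reset_requested", email))
        return token

    def complete_reset(self, token: str, new_password: str,
                       otp: Optional[str], now: int) -> bool:
        entry = self.tokens.get(token)
        if entry is None:
            self.audit.append(("reset_bad_token", None))
            return False
        email, expiry = entry
        if now > expiry:
            del self.tokens[token]
            self.audit.append(("reset_token_expired", email))
            return False
        user = self.users[email]
        # The check that stopped the attack in the article: the email link alone is not enough.
        if otp is None or not totp_valid(user["totp_secret"], otp, now):
            self.audit.append(("reset_blocked_missing_or_bad_second_factor", email))
            return False
        del self.tokens[token]  # single use
        user["password"] = new_password
        self.audit.append(("reset_completed", email))
        return True


def demo():
    """Replay both paths: someone holding only the emailed link, then the real user."""
    svc = PasswordResetService()
    now = 1_700_000_000  # constructed timestamp
    secret = svc.register("customer@example.com", "old-password")
    link = svc.request_reset("customer@example.com", now)
    inbox_only_ok = svc.complete_reset(link, "someone-else-pw", None, now)
    user_ok = svc.complete_reset(link, "new-password", totp(secret, now), now + 5)
    return inbox_only_ok, user_ok, svc.audit


if __name__ == "__main__":
    print(demo())
```

The blocked attempt lands in the audit list as its own event; that is the signal DigitalOcean's Security Operations team effectively got from a customer report, and it is worth alerting on directly rather than waiting for a user to notice.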

Check Your Business Software Plans

That said, both two-factor authentication and SSO are not always available and can vary depending on which software plan you opt for. For example, only the Enterprise plan in project management software Smartsheet’s pricing structure includes SSO, as it’s aimed at the largest businesses.

Security features are factored into all of our software reviews for this reason. We’ve ranked the best options for tools ranging from accounting solutions and small business VoIP systems to free payroll software or restaurant-specific POS systems.

On top of all that, a good VPN can help add another layer of security as well.


Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.