Cloud infrastructure provider DigitalOcean is leaving the email services provider Mailchimp, saying that was compromised in a suspected cyber attack.
Mailchimp disclosed the incident to DigitalOcean, and it believes the attacker compromised its internal tooling, gaining access to DigitalOcean customer email addresses. But, thanks to two-factor authentication, the attacker was unable to progress further.
The entire incident demonstrates the dangers of vulnerable business supply chains: Your own business could easily lose its reputation if a service it relies on heavily suffers a cyber attack.
What Happened? A Security Vulnerability Timeline
On August 8, DigitalOcean noticed that emails sent through Mailchimp weren't reaching customers: Their account had been suspended.
Around the same time, DigitalOcean's Security Operations team heard from a customer who said their password had been reset without their involvement. They put two and two together:
“Recognizing a likely connection between our sudden loss of transactional email, and potentially malicious password resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage.” – DigitalOcean
On August 10, Mailchimp confirmed unauthorized access to their account and others. On their end, DigitalOcean found no attempts to access customer accounts through email after August 7. They're still moving “critical services” away from Mailchimp in response.
DigitalOcean also said that it suspected the attack was aimed specifically at crypto and blockchain businesses, an area that it provides infrastructure solutions for.
Still, that doesn't mean non-crypto services are safe. Phishing attacks are on the rise, and can do plenty of damage if your business doesn't have the right precautions in place.
Preventative Measures Your Business Could Take
The biggest move to keep your business's nose clean here is to check and doublecheck your security standards. For Mailchimp in particular, just one specific question could have helped: Do all the software services your employees use offer Single Sign-On (SSO)?
SSO is a risk-mitigation process, as it lets employees sign into multiple services with one set of login credentials. This stops each and every third-party service from storing its own external database of all its clients' user passwords. That's a big deal — any databases that store passwords used by employees at a huge number of businesses is to a hacker what banks full of bags with dollar signs are to robbers in masks and black-and-white striped shirts.
Two-factor user authentications are another security standard that will help business software users protect their data and their business, and saved DigitalOcean's customers in this case, as the attacker never proceded past the second authentication.
Check Your Business Software Plans
That said, both two-factor authentication and SSO are not always available, and can vary depending on which software plan you opt for. For example, project management software Smartsheet doesn't add SSO on any plan expect its Enterprise plan, aimed at the largest businesses.
Security features are factored into all of our software reviews for this reason. We've ranked the best options for tools ranging from accounting solutions and small business VoIP systems to free payroll software or restaurant-specific POS systems.
On top of all that, a good VPN can help add another layer of security as well.