Third MailChimp Data Breach Makes It Hard To “Rebuild Trust”

All three MailChimp breaches in the past 12 months have been due to social engineering or phishing.

Popular email marketing service MailChimp disclosed another breach last week, and the tech and business sectors are still reeling: Many services are now breaking the news to users that their data has been exposed as a result.

One of the biggest businesses to be impacted is ecommerce platform WooCommerce, but others include data tracker Statista and the gambling site FanDuel.

It's the third breach at MailChimp in the past 12 months, all three due to social engineering.

How the MailChimp Breach Happened

The cause of the breach was a social engineering attack focused on MailChimp employees and contractors. At least one employee was tricked into exposing their credentials, leading to an unauthorized actor gaining access to select user accounts — 133 in total, according to the company.

As soon as MailChimp detected suspicious activity on January 11, it froze the compromised accounts. But the horses may already be out of the barn. MailChimp has alerted users to the fact that their data has been exposed, with the types of data in question including names, addresses, email addresses, and more.

The attack highlights the importance of employee training on how to spot phishing attacks, as well as the benefits of software, such as password managers, that can highlight suspect website logins.

Ripple Effects in a Connected Tech Ecosystem

When a major service hosts private databases of sensitive data, a security breach is even worse than normal. The ripple effects go beyond just the businesses that use MailChimp – they might also impact the businesses that rely on the businesses that use MailChimp.

Natasha Willett, Senior Insight Manager at MVF, which owns Tech.co, told us she had recently received emails from two companies, the ecommerce platform WooCommerce and the data service Statista, regarding the potential leak of data due to last week's breach at MailChimp.

“From a personal perspective it's one thing, but when it also affects your work address and potential wider company, then it becomes far more concerning,” Willett says.

“I appreciate that although a breach doesn't directly result in compromised user accounts, there is a significant risk in exposed information such as email addresses and names – especially when it comes to an organization such as ours with more than 500 people.”

The MailChimp Fallout: Investing in More Security

In the wake of the breach, companies everywhere must invest more resources into a range of responses. First, they'll need to assess the potential or existing damage. Then, they'll have to research and implement ways to stay safe in the future.

And of course, any impacted companies will need to alert their customers to the exact nature of the breach, leading their users to make the same security investments.

“Not only could this result in a loss of productivity from those affected in the sense of having to become more vigilant, the impact on our internal IT team to now monitor this on a micro and macro level is incredibly significant. When it comes to MailChimp, it's going to be hard to rebuild trust,” Willett says.

If your own company was lucky enough to avoid dealing with any exposed data in the aftermath of this breach, consider this a warning: It's tough to stay completely safe in today's increasingly connected and online world.

A little employee training and a healthy business password manager could go a long way towards shoring up security ahead of the next successful phishing attempt.

If you're a MailChimp user and the latest breach has got you concerned about security, take a look at our MailChimp alternatives.

Written by:

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi out from Abrams Books in 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
