Cyber Security News

MailChimp Security Breach Exposed the Email Addresses of DigitalOcean Customers

Customers of DigitalOcean, an American cloud infrastructure provider, were impacted by a recent security incident disclosed by the email marketing company Mailchimp. The security breach exposed the email addresses of some customers, and a small percentage of those customers received unauthorized password resets.

On August 8, the company discovered that its Mailchimp account had been compromised as part of what “we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain”, said DigitalOcean’s head of security Tyler Healy.

MailChimp Security Breach

According to the recent blog post from DigitalOcean, transactional emails from the platform, delivered through Mailchimp, stopped reaching DigitalOcean customers’ inboxes. This was observed during an internal test run by the engineering teams.

It was also found that the Mailchimp account had been suspended, with no access, and Mailchimp provided no other information. As a result, DigitalOcean customers’ email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails were not reaching their destination.

“One of the first discoveries was a non-DigitalOcean email address that appeared on a regular email from Mailchimp on August 7th. The [@] email was not there on a similar Mailchimp email on August 6th. This led us to strongly believe our Mailchimp account was compromised”, according to Digital Ocean.

After identifying the issue, DigitalOcean began reaching out to Mailchimp through support channels. The company says it received its first actionable response on August 10th, together with a conversation with the Mailchimp/Intuit legal team to understand the impact of the incident.

DigitalOcean said it understands that an attacker “compromised Mailchimp internal tooling.” The attackers then used the stolen customer email addresses to try to gain access to DigitalOcean accounts by performing password resets. DigitalOcean’s internal logging points to the attacker IP address x.213.155.164.

The company confirmed that a small number of DigitalOcean accounts were targeted by malicious password resets, although not all of the resets were successful. DigitalOcean has migrated critical services away from Mailchimp to another email service provider, and critical transactional emails are back online.
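The pattern described above, one source address requesting password resets for many unrelated accounts in quick succession, with some resets stopped by two-factor authentication, is the kind of signal an auth team can alert on. The following is an added example, not code from DigitalOcean or Mailchimp; the log format, field names, account names and IP addresses are all constructed for illustration (the redacted attacker address on the page is not used), and the detection thresholds are assumptions:

```python
"""Flag password-reset bursts from a single source and summarise their outcomes.

Added example for this article, not DigitalOcean's or Mailchimp's code.
The log format below is constructed; real systems will have their own schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, event, then key=value fields.
SAMPLE_LOG = """\
2022-08-08T02:14:05Z password_reset_requested account=alice src=198.51.100.7 outcome=sent
2022-08-08T02:14:09Z password_reset_requested account=bob src=198.51.100.7 outcome=sent
2022-08-08T02:14:12Z password_reset_requested account=carol src=198.51.100.7 outcome=sent
2022-08-08T02:14:20Z password_reset_requested account=dave src=198.51.100.7 outcome=sent
2022-08-08T02:16:40Z password_reset_completed account=alice src=198.51.100.7 outcome=success
2022-08-08T02:17:02Z password_reset_completed account=bob src=198.51.100.7 outcome=blocked_2fa
2022-08-08T02:17:30Z password_reset_completed account=carol src=198.51.100.7 outcome=blocked_2fa
2022-08-08T09:30:00Z password_reset_requested account=erin src=203.0.113.9 outcome=sent
2022-08-08T09:31:10Z password_reset_completed account=erin src=203.0.113.9 outcome=success
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, event, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_reset_bursts(records, window=timedelta(minutes=10), min_accounts=3):
    """Return {src_ip: sorted account list} for sources that requested resets
    for at least `min_accounts` distinct accounts inside any `window`.
    The thresholds are assumed values, not figures from the incident."""
    by_src = defaultdict(list)
    for rec in records:
        if rec["event"] == "password_reset_requested":
            by_src[rec["src"]].append(rec)

    flagged = {}
    for src, reqs in by_src.items():
        reqs.sort(key=lambda r: r["ts"])
        start = 0
        # Sliding window over the sorted request times for this source.
        for end in range(len(reqs)):
            while reqs[end]["ts"] - reqs[start]["ts"] > window:
                start += 1
            accounts = {r["account"] for r in reqs[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(src, set()).update(accounts)
    return {src: sorted(accts) for src, accts in flagged.items()}


def reset_outcomes(records, src):
    """Group completed resets from `src` by outcome, e.g. which accounts were
    taken over and which were stopped at the second factor."""
    out = {"success": [], "blocked_2fa": []}
    for rec in records:
        if rec["event"] == "password_reset_completed" and rec["src"] == src:
            out.setdefault(rec["outcome"], []).append(rec["account"])
    return out


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, accounts in find_reset_bursts(recs).items():
        print(f"burst from {src}: {len(accounts)} accounts {accounts}")
        print(f"  outcomes: {reset_outcomes(recs, src)}")
```

In the constructed sample, the first source hits four distinct accounts within seconds and is flagged, while the single legitimate-looking reset from the second source is not; the outcome summary then shows which of the flagged accounts were protected by 2FA, which is the same distinction DigitalOcean drew when it reported that a second factor prevented complete compromise for some targeted customers.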

“In response to a recent attack targeting Mailchimp’s crypto-related users, we’ve taken proactive measures to temporarily suspend account access for accounts where we detected suspicious activity while we investigate the incident further,” reads the advisory from MailChimp.

Finally, DigitalOcean says that two-factor authentication saved a handful of customers targeted by the attacker from complete account compromise.

As a result, the company decided to assess making two-factor authentication on by default for all DigitalOcean customer accounts. Customers are recommended to enable 2FA on their accounts.

“We recently experienced a security incident in which unauthorized actors targeted Mailchimp’s crypto-related users by employing sophisticated phishing and social engineering tactics. Based on our investigation to date, it appears that 214 Mailchimp accounts were affected by the incident.” – MailChimp.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
