At Mailchimp, the security of our users’ data is our top priority.
On August 8, our Security team became aware of an unauthorized actor accessing one of our tools used by customer-facing teams for customer support and account administration. The incident was carried out by an unauthorized actor who conducted a social engineering attack on Mailchimp employees and obtained access using employee credentials compromised in that attack.
What happened and our response
On August 22, we followed up with an email to the account owner for all affected accounts with steps to help users reinstate access to their Mailchimp accounts safely. If you have questions regarding a notice you received or the incident in general, please reach out to here.
Based on our investigation to date, it appears that 214 Mailchimp accounts were affected by the incident. Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance.
We realize this may have caused uncertainty for our users and their customers and apologize for the disruption. We are continuing our investigation and proactively providing impacted users with timely and accurate information throughout the process.
Published August 12, 2022. Last updated on August 22, 2022.