On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.
Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.
After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data. We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.
That afternoon, we sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely. Since then, we’ve been working with our users directly to help them reinstate their accounts, answer questions, and provide any additional support they need. If you have questions regarding a notice you received or the incident in general, please reach out to firstname.lastname@example.org.
We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration. We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process.
Originally published on January 13, 2023