Hacked! Do you use Mailchimp? We do. UPDATED 26 4 2022

(Some of you may be reading this post because we sent you the link using MailChimp!)

The post was first published on 5 April 2022

Update 26 4 2022

Now Mailchimp’s owners, Intuit, are being sued for alleged losses arising through the theft of crypto-currency from one or more digital wallets, due to these security issues.

Intuit sued over alleged cryptocurrency thefts via Mailchimp • The Register

Levinson v. Intuit, Inc. et al. – 5:22-cv-02477 (regmedia.co.uk)


Original post from 5 April 2022

Although this appears to be a targeted attack against carefully selected high-value companies using the Mailchimp service, it still remains that the hacker had time inside the MailChimp systems to be this selective.

Mailchimp: Cryptocurrency clients’ mailing-list info stolen • The Register

Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said – The Record by Recorded Future

The targets were finance and cryptocurrency organisations. 319 accounts were accessed and data stolen from 102 of them.

This appears to have started with an employee being taken in by a social engineering attack.

mailchimp 200