Customer email addresses of DigitalOcean were compromised by a recent MailChimp breach
September 14th, 2022 - Written By CyberLabs
A security researcher from the cloud hosting company DigitalOcean recently published a security advisory about a hack on its email service provider, MailChimp, that affected DigitalOcean's clients. The company used this email service provider to send customers password resets, email confirmations, and product-related alerts.
“On August 8, our Security team became aware of an unauthorized actor accessing one of our tools used by customer-facing teams for customer support and account administration. The incident was propagated by an unauthorized actor who conducted a social engineering attack on Mailchimp employees, and obtained access using employee credentials compromised in that social engineering attack,” said DigitalOcean.
According to the report, threat actors gained access to some DigitalOcean clients’ email addresses as part of a security breach at the email service provider. MailChimp abruptly disabled DigitalOcean's account on August 8. On the same day, a DigitalOcean customer reported an unauthorized password reset event. Following an inquiry, DigitalOcean assumed that MailChimp had been the target of a cyberattack.
“On August 8, our Security team became aware of an unauthorized actor accessing one of our tools used by customer-facing teams for customer support and account administration. The incident was propagated by an unauthorized actor who conducted a social engineering attack on MailChimp employees, and obtained access using employee credentials compromised in that social engineering attack,” said MailChimp in a data breach notification.
On August 10, MailChimp formally informed the cloud hosting provider of the security event, in which threat actors accessed MailChimp's internal support tools and collected client email addresses. Threat actors attempted to reset passwords on DigitalOcean accounts using the stolen email addresses, but accounts with multi-factor authentication (MFA) were shielded from these attempts.
Additionally, DigitalOcean immediately switched to a different email service provider and informed the impacted clients. Security experts advised customers to enable MFA on their accounts and to be watchful for phishing attacks.