Date: 2022-04-07

Although talking about hundreds of accounts within a giant like Mailchimp may seem like a small thing, it is important to keep in mind that even an email marketing service of this size can be subject to security problems.

Mailchimp has confirmed a data breach that followed the compromise of an internal company tool.

They noticed it on March 26, when they saw a cybercriminal access a tool used by customer support teams. The attacker gained that access through social engineering, that is, human error by an employee who was tricked by the criminal through a call or email.

They were able to quickly terminate access to the compromised employee accounts, but 300 Mailchimp accounts were compromised, and audience data from 102 of them was successfully exported.

The targets were clients in the cryptocurrency and finance sectors, so it is possible that those affected are now receiving emails that try to trick them out of the cryptocurrencies they have stored.

In addition to accounts, API keys were also accessed, but Mailchimp has not reported how many. Those keys can be used to send spoofed emails, but they have been disabled to avoid problems.

It is a clear example of how, no matter how much is invested in computer security, social engineering (deceiving employees) can open the doors to the desired information. Anything from a call pretending to be technical support to a spoofed email from the boss can be enough to cause chaos within any company.