If you have an online store and use WooCommerce, surely you have already received the email that warns of the problem they had with Mailchimp, a famous email marketing platform that was recently hacked.
Mailchimp reported on January 11 that its security team had identified an unauthorized actor who had accessed one of its tools through a social engineering attack against the company’s employees and contractors.
The hacker gained access to 133 select Mailchimp accounts using the credentials of the employees compromised in that attack, with the WooCommerce account being one of those affected.
There is no evidence that customer data has been compromised beyond these Mailchimp accounts. Mailchimp has temporarily suspended account access for the affected accounts and has notified the primary contacts of all affected accounts.
On the other hand, WooCommerce has put users on notice. Your account is one of 130 that appear to have been affected by this security incident, and the breach may have resulted in some information we shared with them, including name, store URL, and email address, being exposed.
No payment details, passwords, or other sensitive security information is part of this breach. Store and customer data has not been affected by this incident, nor have WordPress.com or WooCommerce.com accounts. This has not been a WordPress.com or WooCommerce.com breach, and no action is required on our part, but they are alerting customers to caution.
They’re working with Mailchimp to better understand the cause of the breach and what they’re doing to prevent similar incidents in the future.
Learn more at mailchimp.com.
