(ATLANTA, Ga.) — Mailchimp, the Intuit-owned and Atlanta-based email marketing and automation company, said on January 13 that they had detected an unauthorized actor accessing a Mailchimp software tool used for customer support and account administration.
In a release, the company said that the breach occurred when Mailchimp employees and contractors were targeted by social-engineering attacks. Using employee credentials, the unauthorized actor was able to gain access to 133 Mailchimp accounts.
The accounts in question were notified of the breach less than 24 hours after the initial discovery. That afternoon, they were given instructions on how to reactivate their accounts and resume Mailchimp service.
In their coverage of the story, TechCrunch’s Zack Whittaker noted that the attack was remarkably similar to one that occurred less than six months ago. In that breach, data on about 214 Mailchimp accounts were compromised. At the time, Mailchimp said it had implemented “an additional set of enhanced security measures,” but didn’t specify what those were.
It’s still not clear who was responsible for the attack, or what their motivation may have been.