Email marketing platform Mailchimp has been hacked for the second time in the space of a year, with the attacker gaining access to 133 accounts — including that of ecommerce giant WooCommerce.
Mailchimp said in a blog post that it detected an intruder accessing one of its internal tools used by its customer support and account administration teams on 11 January. The company did not say how long the intruder had been in the system.
The attacker conducted a social engineering — essentially phishing — attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.
The company emailed the affected accounts last week to help their owners regain access and secure them.
One of the compromised companies was WooCommerce, an ecommerce platform that lets people connect shops to WordPress sites.
Last August, Mailchimp was the victim of another social engineering attack that compromised login details of its customer support staff and led to 214 accounts being compromised.