On January 11, the Mailchimp Security team identified an unauthorized actor attempting to gain access to one of their customer-facing tools used for account administration. The actor was able to gain access to 133 Mailchimp accounts through a social engineering attack on employees and contractors. Although there is no evidence that this incident extended beyond those accounts, Mailchimp took immediate action by suspending account access and notifying primary contacts within 24 hours of discovery. Going forward, they will continue to monitor their systems to ensure that customer data remains secure.
Read more about the security breach here.