The most recent MailChimp hack makes email addresses of DigitalOcean customers public
Image courtesy:PCMag
On Tuesday, DigitalOcean is warning its customers about the recent MailChimp security breach exposing the email addresses of some customers, with a small number receiving unauthorized password resets.
The company has said that they first learned of the breach after MailChimp disabled their account without warning on August 8th.
DigitalOcean used this MailChimp account to send email confirmations, password reset notifications, and alerts to customers.
On the same day, DigitalOcean says that a customer notified their cybersecurity team that without authorization, their password was reset.
After an investigation, they discover an unauthorized email address from the @arxxwalls.com domain was added to their MailChimp account and used in emails starting on August 7th.
Believing that their MailChimp account was breached, DigitalOcean says that they reached out to the company but didn’t hear back until August 10th, when they learned that a hacker had gained access to MailChimp’s internal support tools, Bleeping Computer reports.
A security advisory from DigitalOcean said that they were formally notified on August 10th by Mailchimp of the unauthorized access to their and other accounts by what they have understood to be a Hacker who compromises Mailchimp’s internal tooling.
