It’s the second time the company was hacked in the past nine months.
“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” the company said in a statement.
The Mailchimp Security team identified an unauthorised actor accessing one of its tools used by its customer-facing teams for customer support and account administration.
“The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” the company said.
After it identified evidence of a hacker, it temporarily suspended account access for Mailchimp accounts where it detected suspicious activity to protect our users’ data.
“We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery,” said the company in its latest statement.
The company has sent emails to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely.
In April last year, hackers stole data from more than 100 clients of Mailchimp after they broke into its services, using the data to mount phishing attacks on the users of cryptocurrency platforms.
The hackers were able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them.