MailChimp Security Breach Exposed the Email Addresses of DigitalOcean Customers

KEEPNET LABS > Blog > MailChimp Security Breach Exposed the Email Addresses of DigitalOcean Customers

MailChimp Security Breach Exposed the Email Addresses of DigitalOcean Customers

A security breach exposed the email addresses of some customers of DigitalOcean. A small percentage of those customers received an unauthorized password reset. Digital Ocean’s transactional emails from platform delivered through Mailchimp stopped reaching mailboxes. The company confirmed a small number of accounts were targeted by malicious password resets.

Aug 19, 2022 6:59 am

Customers of the US cloud infrastructure provider Digitalocean have been affected by a recent security incident identified by the email marketing company Mailchimp. A security breach exposed the email addresses of some customers, and a small percentage of those customers received an unauthorized password reset. On August 8, Tyler Healey, head of security at Digitalocean, the company announced that the Mailchimp account had been compromised as part of the statement “we suspect this is a broader Mailchimp security incident affecting its customers targeting encryption and blockchain”. According to a recent DigitalOcean blog post, transactional emails from the platform delivered through Mailchimp have stopped reaching the mailboxes of DigitalOcean customers. This was noticed during internal tests by engineering teams. It was also found that the Mailchimp account was suspended without access and no other information was provided by Mailchimp.

Therefore, Digitalocean’s customer confirmations via email, password reset, product health alerts via email, and dozens of other transactional emails could not reach the recipient. One of the first discoveries was a non-DigitalOcean email address that appeared in the regular Mailchimp email on August 7. [@] arxxwalls.com the email was missing from a similar Mailchimp email from August 6. This led us to a strong belief that our Mailchimp account had been compromised,” Digital Ocean said. After discovering the problem, DigitalOcean started reaching out to our Mailchimp through support channels. The company informed that the first actionable response and meeting with the Mailchimp/Intuit legal team was received on August 10 to understand the consequences of the incident. DigitalOcean said it understood the attacker had “compromised Mailchimp’s internal tools.”

In October, the attackers used stolen customer email addresses to access DigitalOcean accounts by resetting passwords. Internal logging specifies the attacker’s IP address. x. 213.155.164. The company confirmed a small number of DigitalOcean accounts were targeted by malicious password resets. Although not all discharges were successful.

Security breach

Keepnet Labs’ Threat Sharing Module: How to identify attackers in reconnaissance stage

Fewer and fewer businesses can protect themselves and the sensitive data under their control as a result of the rapid pace of digitalization, increased attack surfaces, and variety of vulnerabilities and attack methodologies. To stop the attacks, several successful and effective recent cyberattacks brought up the question of sharing threat intelligence once more. The government […]

Security breach

The last hunt of social engineering: Uber

“Hi @here I announce I am a hacker and Uber has suffered a data breach” was the message that appeared in a channel on Uber’s Slack. After the message, the ride-share giant confirmed that it was responding to “a cybersecurity incident” in cooperation with law enforcement. An 18-year-old hacker reportedly took responsibility for the attack […]

Security breach

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

An advanced weapon is emerging that uses data analysis to hone systems and suppress attacks. Darktrace's artificial intelligence solutions can help companies restrict access to APIs, neutralize shady IT, protect supply chains and even improve the efficiency of DEVSECOPYRIGHTs.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.