DigitalOcean warned its customers that the MailChimp breach exposed the email addresses of a few of its customers. As a result, a small number of those customers had their passwords reset without their involvement. The cloud infrastructure giant first discovered the security incident when MailChimp disabled its account without any warning or notification on the 8th of August. Customers also reported their password reset incidents to DigitalOcean's cybersecurity team.
The latest update regarding the recent Mailchimp security incident is that DigitalOcean has moved out of the email service provider MailChimp.
DigitalOcean said they reached out to MailChimp as soon as they knew about the security incident. However, MailChimp did not respond until August 10th. On the 10th, the email service provider confirmed that various email address accounts were compromised.
However, the cloud giant also said that only a few customers’ email addresses were compromised.
MailChimp has already explained the matter. According to MailChimp, the attackers compromised its internal tools and thereby gained access to the email addresses of DigitalOcean customers. However, two-factor authentication prevented significant loss and stopped the attackers from moving further.
This security incident at DigitalOcean highlights the dangers of supply chains with vulnerable systems. Your business can easily compromise its reputation if it relies on a service provider that often suffers from cyber attacks.
Security Incident at DigitalOcean: What happened?
DigitalOcean, on 8th August, noticed that various transactional emails delivered via MailChimp from its platform had stopped reaching its customers. The engineering team discovered that their MailChimp account had been suspended. Soon after this, DigitalOcean's security operations team was notified by a customer that their password had been reset without their participation.
After both incidents, an investigation was run, and the very first findings showed a non-DigitalOcean email address, at the domain [@]arxxwalls.com, on an email sent from MailChimp on 7th August. On August 6th, that address was not present on a similar MailChimp email.
As per DigitalOcean, as soon as they discovered the issue with their MailChimp account on 8th August, they tried contacting MailChimp via various available methods. But they got their first response on the 10th confirming the MailChimp security breach.
MailChimp, for its part, suspected and also stated that mainly crypto-related customers were targeted by the attackers in this cyber breach. They also confirmed the suspension of the accounts where suspicious activities were detected as a measure to prevent data access. They also said that the attackers breached using social engineering and phishing techniques. As a result, hackers accessed around 214 MailChimp accounts.
The cloud giant’s investigation indicated that the password was changed from the attacker’s IP address x.213.155.164. However, the accounts were not accessed, thanks to two-factor authentication: the attackers never completed the second factor.
DigitalOcean also confirmed that its security team took preventive actions to protect the customers’ accounts. Their team also communicated personally with the customers about this exposure of their email addresses. The company also confirmed that attacks against DigitalOcean stopped after the 7th of August.
According to DigitalOcean, after further investigations, their email outage incident management team decided to migrate from MailChimp to another service provider. The other provider successfully returned those critical transactional emails online on August 9th.
This security incident experienced by MailChimp put at risk not only DigitalOcean and its customers but also various other organizations. Besides DigitalOcean, other MailChimp customers who also experienced account suspension include Cointelegraph, NFT Creators, Edge Wallet, Messari and Decrypt, and Ethereum FESP. Even before this latest security breach, MailChimp experienced a similar type of breach of its internal support tools in April 2022. That attack targeted its cryptocurrency- or NFT-related customers. It was a massive phishing attack that mainly targeted customers of the Trezor hardware wallet.
As discussed, in the latest cyber attack, DigitalOcean’s disclosure mentioned that its MailChimp account had an email address from the domain @arxxwalls.com as a sender. The domain owner said the domain had been misused by various scams, fake companies, and phishing attacks.
This security incident shows that a business must always carefully verify the security standards of the providers it relies on. Having two-factor authentication for users is essential, as it can minimize the risk of account takeover after a credential is exposed. Moreover, SSO (Single Sign-On) is another cyber risk-mitigating technique that can help ensure the security of customer data. Security features are among the most important things a business should look for when adopting any software or security service.
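The pattern described above, a password reset from an unfamiliar IP address that two-factor authentication then blocks, is one that a security operations team can detect from its own authentication logs. The following is an added example, not code from DigitalOcean or MailChimp: it parses a constructed log of login, password-reset and MFA events (the log format, account names and IP addresses are all made up for illustration), flags resets from IPs the account has never logged in from, records whether the second factor was completed, and groups the flagged resets by source IP so that one address resetting several accounts stands out as a campaign rather than a single user.

```python
"""Hypothetical detection for password resets not initiated by the account owner.
Added example modelled on the incident in the article; the log format, field
names, account names and IP addresses below are constructed, not real data."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    ip: str
    kind: str  # one of "login_success", "password_reset", "mfa_success"


def parse_line(line: str) -> Event:
    """Parse one constructed log line of the form '<iso-timestamp> <user> <ip> <kind>'."""
    ts, user, ip, kind = line.split()
    return Event(datetime.fromisoformat(ts), user, ip, kind)


# Constructed sample log (not real data), ordered by time.
# alice and bob are reset from the same unfamiliar IP; bob's attacker completes MFA.
# carol resets her own password from an IP she normally logs in from.
SAMPLE_LOG = """\
2022-08-01T09:00:00 alice 198.51.100.7 login_success
2022-08-05T18:30:00 bob 203.0.113.9 login_success
2022-08-07T14:02:00 alice 192.0.2.44 password_reset
2022-08-07T14:03:10 bob 192.0.2.44 password_reset
2022-08-07T14:04:00 bob 192.0.2.44 mfa_success
2022-08-07T15:00:00 carol 198.51.100.7 login_success
2022-08-07T16:00:00 carol 198.51.100.7 password_reset
2022-08-07T16:00:30 carol 198.51.100.7 mfa_success
"""


def find_suspicious_resets(events, window=timedelta(minutes=30)):
    """Flag password resets from an IP the account has never successfully logged in from.

    'mfa_completed' records whether the second factor was satisfied from that same IP
    within the window. A reset where MFA was completed is a takeover, not just an attempt,
    so it gets the higher severity."""
    alerts = []
    for reset in (e for e in events if e.kind == "password_reset"):
        prior_ips = {e.ip for e in events
                     if e.user == reset.user and e.kind == "login_success" and e.ts < reset.ts}
        if reset.ip in prior_ips:
            continue  # familiar IP: treat as a user-initiated reset
        completed = any(
            e.kind == "mfa_success" and e.user == reset.user and e.ip == reset.ip
            and reset.ts <= e.ts <= reset.ts + window
            for e in events
        )
        alerts.append({
            "user": reset.user,
            "ip": reset.ip,
            "at": reset.ts.isoformat(),
            "mfa_completed": completed,
            "severity": "critical" if completed else "high",
        })
    return alerts


def ips_with_multiple_resets(alerts):
    """A single IP resetting several different accounts is a campaign, not one user."""
    counts = {}
    for alert in alerts:
        counts[alert["ip"]] = counts.get(alert["ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n > 1)


def analyse(log_text: str):
    """Return (alerts, campaign_ips) for a log in the constructed format above."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    alerts = find_suspicious_resets(events)
    return alerts, ips_with_multiple_resets(alerts)


if __name__ == "__main__":
    found, campaign = analyse(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("campaign IPs:", campaign)
```

On the sample log this raises two alerts (alice at severity "high", bob at severity "critical" because MFA was completed from the attacker's IP) and reports 192.0.2.44 as a campaign IP; carol's reset is ignored because it came from an address she had already logged in from. The "familiar IP" heuristic is deliberately simple; in production the prior-login set would come from a longer history and would be combined with the reset-request source (for example, whether the reset link was requested from an authenticated session).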