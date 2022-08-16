U.S. markets close in 3 hours 38 minutes

  • S&P 500

    4,310.07
    +12.93 (+0.30%)
     

  • Dow 30

    34,159.19
    +246.75 (+0.73%)
     

  • Nasdaq

    13,114.17
    -13.88 (-0.11%)
     

  • Russell 2000

    2,021.13
    -0.22 (-0.01%)
     

  • Crude Oil

    86.96
    -2.45 (-2.74%)
     

  • Gold

    1,788.20
    -9.90 (-0.55%)
     

  • Silver

    20.06
    -0.21 (-1.05%)
     

  • EUR/USD

    1.0171
    +0.0006 (+0.06%)
     

  • 10-Yr Bond

    2.8400
    +0.0490 (+1.76%)
     

  • GBP/USD

    1.2080
    +0.0022 (+0.18%)
     

  • USD/JPY

    134.4150
    +1.1430 (+0.86%)
     

  • BTC-USD

    23,859.07
    -391.09 (-1.61%)
     

  • CMC Crypto 200

    568.41
    -3.51 (-0.61%)
     

  • FTSE 100

    7,536.06
    +26.91 (+0.36%)
     

  • Nikkei 225

    28,868.91
    -2.87 (-0.01%)
     

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach

Carly Page
·3 min read

Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp.

In a scant blog post dated August 12, just two days after the company's co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting data and information from “crypto-related companies” using phishing and social engineering tactics. Mailchimp hasn’t yet shared any further details about the incident — or responded to TechCrunch's questions — just months after hackers compromised an internal Mailchimp tool to access information on 300 accounts.

While Mailchimp is keeping quiet, DigitalOcean is not, after confirming it also fell victim to the attack.

In a blog post, DigitalOcean's head of security Tyler Healy said the company discovered its Mailchimp account was compromised on August 8 after finding its emails, like account confirmations and password resets delivered via Mailchimp, stopped reaching its customers. Its investigation found that DigitalOcean’s Mailchimp account was suspended without warning or explanation. An automated email from Mailchimp said the account had been temporarily disabled due to a "terms of service" violation. Mailchimp sent the same message to others working in the crypto industry, fueling speculation that the company had dropped crypto content creators from its service.

At the same time, Healy says DigitalOcean’s security team was made aware by one of its customers who claimed their password was reset without their consent.

DigitalOcean says it took two days for the company to receive a response from Mailchimp, confirming on August 10 that DigitalOcean's account was compromised and that Mailchimp suspended the account as a result. DigitalOcean said it understands that an attacker "compromised Mailchimp internal tooling."

Healy said a “very small number” of DigitalOcean customers experienced an attempted compromise of their accounts through password resets. TechCrunch asked DigitalOcean how many users were affected but has yet to receive a response.

In its short explanation of the incident, Mailchimp says it took “proactive measures to temporarily suspend account access for accounts where we detected suspicious activity while we investigate the incident further,” adding: "We took this action to protect our users’ data, and then acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures.”

In an email sent to one affected customer that TechCrunch has seen, Mailchimp said it became aware of "potential unauthorized activity" in the users' account and advises "letting your contacts know they should be extra vigilant about any phishing attacks that appear to come from your company or company's account."

Mailchimp said it has notified affected customers directly. DigitalOcean said it has migrated its email service away from MailChimp.

DigitalOcean noted that the use of two-factor authentication saved a handful of customers targeted by the attacker from complete account compromise and, as such, the company is planning to implement two-factor security by default for all DigitalOcean accounts.

“The ecosystem is fragile, and chains of trust, when broken, can have significant downstream consequences,” said Healy.

News of Mailchimp's breach lands not long after encrypted messaging app Signal said it was affected by the recent breach of Twilio. a provider of SMS and voice communications. Signal said attackers accessed phone numbers and SMS verification codes for 1,900 users.

Read more:

Recommended Stories

  • Liz Cheney trails Trump-backed primary challenger

    Rep. Liz Cheney's primary in Wyoming is one of the most closely watched primaries this election season. Cheney has become one of the loudest critics of former President Donald Trump. Robert Costa reports.

  • Apple employee claims managers are threatening to fire her over viral TikTok video

    Paris Campbell was allegedly told she violated company policy by giving away confidential information.

  • Jump Crypto Picked to Revamp Solana to Make Blockchain More Reliable

    The crypto trading firm and builder is reupping its commitment after the once-hot blockchain hit potholes.

  • Tornado Cash US Ban Is ‘Bad Precedent,’ but Monero Was ‘Made for This’: Cake Wallet Exec

    Justin Ehrenhofer, vice president of operations at Cake Wallet, joined CoinDesk TV’s “First Mover,” to discuss the implications of the government regulation when it comes to privacy coins.

  • Zacks Industry Outlook Highlights Arista Networks, Spirent Communications and TESSCO Technologies

    Arista Networks, Spirent Communications and TESSCO Technologies are part of Zacks Industry Outlook article.

  • Elliott Management has sold most of SoftBank stake: report

    MARKET PULSE Elliott Management has sold almost all of its position in Japan's SoftBank (jp:9984) the Financial Times reported, citing people familiar with the trade. The report said Elliott had lost conviction in the ability of founder Masayoshi Son to close the huge gap between the value of SoftBank's various holdings and its market capitalization.

  • Cryptoverse: Electric ether leaps on verge of Merge

    After years of delays, the "Merge" seems all but certain to take place in September, with the cryptography underlying the blockchain undergoing a radical shift to a system where the creation of new ether tokens becomes far less energy-intensive. Investors seem to agree, with ether outstripping big brother bitcoin. Ether has seen six consecutive weeks of gains, pushing it up from a 1-1/2-year low of $880 in mid-June to levels closing in on $2,000, even though it's way off its November 2021 peak of $4,868.79.

  • Cost of living: Government to simplify broadband access

    The government says new system will give those receiving benefits better access to cheaper broadband.

  • Adtran (ADTN) Fiber Extension Portfolio Boosts TPG's Services

    Adtran (ADTN) fiber extension portfolio comprising multi-gigabit fiber access and fiber extension solutions is boosting TPG's services.

  • VLC-developer VideoLan says India blocking site endangers its own citizens

    VideoLan, the developer of popular media player VLC, says Indian telecom operators have been blocking its website since February of this year in a move that is potentially impacting some users in one of the open source firm’s largest markets. “Most major ISPs [internet service providers] are banning the site, with diverse techniques,” VideoLan president and lead developer Jean-Baptiste Kempf said of the blocking in India, in an email to TechCrunch. The telecom operators began blocking the VideoLan website on February 13 of this year, when the site saw a drop of 80% in traffic from the South Asian market, he said.

  • Stop Attacking DeFi Founders for Complying With the Tornado Cash Sanction

    It is perfectly reasonable, and possibly preferable, for Ethereum blockchain-based apps to block users with exposure to Tornado Cash, following the sanction of that anonymizing service last week. This distinction has been spotlighted in recent days, as the crypto industry begins to reckon with the magnitude of the Tornado ban.

  • What you might have missed at Black Hat and Def Con 2022

    Hackers, researchers, cybersecurity companies and government officials descended on Las Vegas last week for Black Hat and Def Con, a cybersecurity double-bill that’s collectively referred to as “hacker summer camp.” This year’s cyber gathering was particularly exciting: Not only did it mark Black Hat’s 25th anniversary, but also the first time since the start of the pandemic that attendees have fully returned to the carpeted hallways of the popular security conferences. Belgian security researcher Lennert Wouters took to the stage at Black Hat on Thursday to showcase how he was able to hack StarLink’s user terminals — referred to as "Dishy McFlatface" by Elon Musk's SpaceX employees — using a homemade circuit board, or “modchip.”

  • Puerto Rico Power Utility Takes More Time to Reach Debt Deal

    (Bloomberg) -- Puerto Rico’s Electric Power Authority and its creditors will keep negotiating through Sept. 9 to strike a potential deal to reduce $9 billion of debt.Most Read from BloombergSaudi Billionaire Made $500 Million Russia Bet at War OnsetWells Fargo Plans Major Retreat From Mortgage Business It Long Dominated‘Next Generation’ Moderna Coronavirus Booster Jab Approved for Use in AdultsDOJ Opposes Release of Affidavit in Trump Search, Citing ProbeMuch of the US Will Be an ‘Extreme Heat B

  • Fintech Giant Lufax Plans Hong Kong Listing to Hedge US Risk

    (Bloomberg) -- Fintech firm Lufax Holding Ltd. is planning to go public in Hong Kong, the latest in a wave of New York-traded Chinese companies seeking alternative listings to hedge against the risk of being banned from US markets.The Ping An Insurance Group Co.-backed company aims to file for a listing in Hong Kong as soon as the second half of this year, according to people familiar with the matter, who asked not to be named because the information is private. The discussions are preliminary a

  • Premium products are on the rise despite record inflation rates and cost-of-living crunch

    Starbucks, Kraft Heinz, and Disney Plus are proving the more expensive option isn’t turning consumers away.

  • What a Chinese Blockade of Taiwan Would Mean for Global Business

    Taiwan is home to the world’s biggest chip maker, TSMC, and sits next to one of the busiest shipping lanes.

  • Here is What to Know Beyond Why Meta Platforms, Inc. (META) is a Trending Stock

    Zacks.com users have recently been watching Meta Platforms (META) quite a bit. Thus, it is worth knowing the facts that could determine the stock's prospects.

  • Digital Bank Revolut Gets Approval to Offer Crypto Services Throughout Europe

    European digital bank Revolut has been granted authorization by the Cyprus Securities and Exchange Commission (CYSEC) allowing it to offer crypto services across the European Economic Area (EEA).

  • Oil settles with a 3% loss as China growth worries dominate

    Oil futures settle with a loss of around 3% on Monday as weak economic data from China raise fears that a slowing global economy will reduce demand for energy products.

  • Elliott Management Holds a Position in Cardinal Health: Report

    The investor group suggested five directors join the company's 11-person board. The report from The Wall Street Journal comes a few days after Cardinal delivered an earnings miss.