Help Net Security - Daily information security news with a focus on enterprise security.
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 16, 2022

DigitalOcean customers affected by Mailchimp “security incident”

A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company announced on Monday.

“On August 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain. From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed,” shared Tyler Healy, VP Security at DigitalOcean.

What happened?

Mailchimp is an email marketing automation platform, which DigitalOcean uses – or did use, until this incident – to deliver “email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails” to its users.

“At 3:30pm ET on August 8th, 2022 transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers’ inboxes,” Healy explained.

“During that same timeframe on August 8th, our Security Operations team was made aware of a customer who claimed their password had been reset, without their initiation. Recognizing a likely connection between our sudden loss of transactional email, and potentially malicious password resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage.”

The investigation found that DigitalOcean’s Mailchimp account had been compromised; Mailchimp suspended the account soon after.

It also found that the compromised Mailchimp account gave the attacker access to DigitalOcean customer email addresses, which they used to initiate malicious password resets against a “limited set” of accounts.

Some of the password reset attempts failed, but others succeeded. At least one account takeover attempt was foiled because the attacker could not obtain the second authentication factor needed to access the account.
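The failure mode above is an emailed reset link whose only secret is the token in the email, so whoever can read transactional mail can complete the reset. The following is an added example, not DigitalOcean’s or Mailchimp’s code: a reset flow that honours the emailed token only when a 2FA-enrolled account also presents its current TOTP code (RFC 6238 over HMAC-SHA1, implemented inline). The user store, the 15-minute token lifetime, the addresses and the TOTP seeds are constructed for the example; the “attacker” is modelled by handing them every issued token, which is what reading the reset emails would yield.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Assumed lifetime of an emailed reset token; not a value from the article.
RESET_TOKEN_TTL = 15 * 60


def make_store():
    """Constructed in-memory user store (a real service would use a database).
    alice has a TOTP second factor enrolled; bob does not."""
    return {
        "alice@example.com": {"password": "old-a",
                              "totp_secret": b"alice-totp-seed-0123456789",
                              "reset": None},
        "bob@example.com": {"password": "old-b",
                            "totp_secret": None,
                            "reset": None},
    }


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 for the time window containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def _token_hash(token):
    # Store only a hash so a database read does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(store, email, now):
    """Issue a single-use reset token and return it. In production the only
    copy leaves the system inside the transactional email, which is exactly
    what a compromised mail provider can read."""
    user = store.get(email)
    if user is None:
        return None  # unknown address: stay silent, do not leak existence
    token = secrets.token_urlsafe(32)
    user["reset"] = {"hash": _token_hash(token), "expires": now + RESET_TOKEN_TTL}
    return token


def complete_reset(store, email, token, new_password, second_factor=None, now=None):
    """Apply a reset only if the token is valid AND, for 2FA-enrolled accounts,
    the caller presents the current TOTP code. Returns an outcome string."""
    now = time.time() if now is None else now
    user = store.get(email)
    if user is None or user["reset"] is None:
        return "bad_token"
    pending = user["reset"]
    if now > pending["expires"] or not hmac.compare_digest(pending["hash"], _token_hash(token)):
        return "bad_token"
    if user["totp_secret"] is not None:
        if second_factor is None:
            return "second_factor_required"
        # Current window only; deployments usually also accept +/-1 step.
        if not hmac.compare_digest(second_factor, totp(user["totp_secret"], now)):
            user["reset"] = None  # burn the token: one failed 2FA attempt per emailed link
            return "bad_second_factor"
    user["reset"] = None  # single use
    user["password"] = new_password
    return "ok"


def simulate_mail_provider_compromise(now=1_660_000_000.0):
    """Attacker can read every reset email (i.e. holds every token) but has
    no authenticator. Returns the outcome of each attempt."""
    store = make_store()
    out = {}

    # Account with 2FA: the token alone is not enough.
    tok = request_reset(store, "alice@example.com", now)
    out["alice_attacker_no_code"] = complete_reset(store, "alice@example.com", tok, "pwned", now=now)
    real = totp(store["alice@example.com"]["totp_secret"], now)
    wrong = "000000" if real != "000000" else "111111"
    out["alice_attacker_wrong_code"] = complete_reset(store, "alice@example.com", tok, "pwned", wrong, now)
    out["alice_token_burned"] = complete_reset(store, "alice@example.com", tok, "pwned", real, now)

    # The legitimate owner requests a fresh link and has the authenticator.
    tok = request_reset(store, "alice@example.com", now)
    out["alice_owner"] = complete_reset(store, "alice@example.com", tok, "new-a", real, now)

    # Account without 2FA: the emailed token is the whole secret.
    tok = request_reset(store, "bob@example.com", now)
    out["bob_attacker"] = complete_reset(store, "bob@example.com", tok, "pwned", now=now)

    # Expired link (token presented after the TTL).
    tok = request_reset(store, "bob@example.com", now)
    out["bob_expired"] = complete_reset(store, "bob@example.com", tok, "pwned", now=now + RESET_TOKEN_TTL + 1)

    out["alice_password"] = store["alice@example.com"]["password"]
    out["bob_password"] = store["bob@example.com"]["password"]
    return out


if __name__ == "__main__":
    for name, outcome in simulate_mail_provider_compromise().items():
        print(f"{name}: {outcome}")
```

Running the simulation shows the two outcomes the article describes side by side: the 2FA-enrolled account survives a stolen reset link (and a wrong code burns the link, so the attacker cannot brute-force it), while the account without a second factor is taken over with nothing but the emailed token.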

Healy said that the customer accounts that were targeted “have been secured, and [their owners] have been contacted directly.”

Attempted compromise via third party

The incident led DigitalOcean to end its relationship with Mailchimp and move to another email service provider.

The company also learned that chains of trust, when broken, can have significant downstream consequences. “Our threat models and security visibility must improve in our third-party SaaS and PaaS environments,” Healy noted.

Finally, the incident will push the company to nudge customers towards enabling two-factor authentication on their accounts, while it also considers making “two-factor authentication on-by-default for all DigitalOcean customer accounts.”

Since the attacker obtained customer email addresses, the company is also warning users about possible phishing attempts in the coming weeks.

In third-party-compromise-related news, the recent Twilio breach has resulted in the compromise of phone numbers or SMS verification codes of 1,900 registered Signal users.


© Copyright 1998-2023 by Help Net Security