No platform is off limits to hackers and not even our dear newsletter service; MailChimp. The email broadcast service has now been exploited by hackers to send out emails containing malicious links to subscribers to different services that rely on MailChimp according to Motherboard.
The email reads something like “Here’s your invoice! We appreciate your prompt payment.” An Australian security researcher (who also owns the Have I Been Pwned?) sent a sample email to Motherboard in which he said “This morning our MailChimp subscriber database was hacked and a fake invoice (Inoice 00317) [sic] was sent to our list,” he also went ahead to back this claim up with screen shots on Twitter as seen below;
An unsuspecting user is then required to view such an invoice by clicking on the “View Invoice” button which leads to a .zip file and has been confirmed to be indeed malicious. An Australian company according to the tweet above had confirmed that its MailChimp subscriber database had been hacked and a fake invoice (Inoice 00317) had been sent to their list of subscribers. These subscribers may not know it’s actually fake and could have clicked on the link without knowing that they are indeed allowing some hacker access to their device.
The company has since issued a statement asking its subscribers to disregards suhc emails and in a statement to Motherboard, they said “Please disregard and delete this email. You have not been charged,” it adds. Camilla Jansen, managing editor of Business News Australia, told Motherboard in an email “We’re waiting to find out more.”
MailChimp in the meantime released a statement to Motherboard saying;
“Early this morning MailChimp’s normal compliance processes identified and disabled a small number of individual accounts sending fake invoices. We have investigated the situation and have found no evidence that MailChimp has been breached. The affected accounts have been disabled, and fraudulent activity has stopped.”
While they (MailChimp) also encourage users to set up two-factor authentication, it is also imperative for recipients to be careful of links they click on. An example would be if you suspect a change in pattern of email from a company you subscribe to, you should probably contact someone to know if they indeed sent that email. I know this other one sounds old but it’s still valid, change your passwords regularly and don’t use the same password across multiple sites. The problem they suspect in this case could have been a result of password reuse.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
