Cloud infrastructure provider DigitalOcean had "a very small number" of its customers' email addresses compromised following a phishing and social engineering campaign against Mailchimp aimed at exfiltrating data from cryptocurrency-related firms, reports TechCrunch.
DigitalOcean discovered on Aug. 8 that its Mailchimp account had been compromised, after account confirmations and password resets were not delivered to customers, according to DigitalOcean Head of Security Tyler Healy. Further investigation revealed that Mailchimp had suspended DigitalOcean's account as a result of a "terms of service violation," with similar account suspension warnings sent to cryptocurrency industry members. DigitalOcean received confirmation from Mailchimp on Aug. 10 that the email marketing firm's internal tooling had been compromised in the incident.
Meanwhile, Mailchimp said on Aug. 12 that the incident had impacted 214 accounts and noted that it temporarily suspended accounts as a proactive measure.
"We took this action to protect our users' data, and then acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures," said Mailchimp.
Mailchimp breach compromises DigitalOcean user email addresses