“This targeted incident has been limited to 133 Mailchimp accounts.” Source: Mailchimp
Mailchimp identified unauthorized access to one of the tools they use for customer support. The hackers conducted a social engineering attack on employees and contractors, which shows that anyone can fall victim to scams, especially if the hackers pose as trusted businesses. Select Mailchimp accounts were compromised with the use of real employee credentials.
Some information, such as client names, web addresses, and email addresses from WooCommerce, another client of Mailchimp’s, has been exposed through this breach. Now, think about it: a big corporation like Mailchimp probably invests in strong cybersecurity efforts, especially because they have a large database of client emails and sensitive data, but the hackers were still able to bypass security through a social engineering attack.
Data breaches can be caused by system vulnerabilities or social engineering attacks. A study in 2019 showed that more than 90 percent of data breaches could have been prevented if organizations and individuals had strengthened their system security and been more knowledgeable about the methods of social engineering attacks.
Organizations with multiple devices need to update and upgrade equipment and tools for better compatibility and security. Updates include fixing errors and improving features such as security, ensuring that hackers won’t be able to find system vulnerabilities as quickly. With that said, both small and large organizations, even individuals, should run checks regularly to make sure all the devices connected to their network are updated properly.
In the case of social engineering attacks, it is usually employees who are tricked into giving up login credentials through phishing emails. Hackers can pretend to be a co-worker or a boss asking for passwords. For this reason, it’s important to protect employees’ company emails and make sure they are not being used to sign up for anything other than work-related tools. It is also best to avoid using public Wi-Fi or public computers when opening work email accounts. One measure that many companies use is training employees against phishing attacks by sending test emails and reminding them what a phishing email is likely to look like.
To answer the question, online data is not 100 percent secure, especially when we are exchanging information on the internet the majority of the time. However, we can secure and protect our email accounts and online data by following basic security measures.
Sangu Mail’s mission is to secure information on your emails, messages, and home network. Check out some features that are designed to permanently remove evil from your inbox:
We actually unsubscribe you from unwanted emails
When Gmail’s unsubscribe button does not seem to work, Sangu Mail will make sure that the sender removes your email from their email list. We take action on your behalf.
We dig deep to check if the message is legitimate
If you’re not sure if the email is a scam or real, contact our analysts to help check the email for you. We’ll review the messages, even go as far as opening links, to ensure you won’t be.
We have a real analyst giving you 24/7 support
Our analysts work round the clock to ensure all reported incidents are taken care of quickly. When you report suspicious emails to us, you can expect a real-time response from the experts.
Check out more Sangu Mail features to get started. For inquiries, shoot us a message through our contact form and we’ll get back to you as soon as possible.