The email marketing company Mailchimp said its network was breached following a social engineering attack.
An intruder viewed about 300 Mailchimp accounts and audience data was exported from 102 of them, Siobhan Smyth, chief information security officer, said in a statement.
Mailchimp software is used by publishers and companies to compose newsletters and send promotional messages to customers. Smyth didn’t identify the clients affected.
Mailchimp’s security team became aware that a malicious actor had accessed an internal tool used by customer-facing teams for support and account administration, Smyth said.
The attacker conducted a successful social engineering attack on Mailchimp employees, resulting in credentials being compromised, she said.
“Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance,” Smyth said.
Mailchimp has since received reports that the hacker was using the information obtained from user accounts to send phishing campaigns to their contacts.
Intuit Inc., the maker of TurboTax and QuickBooks software, acquired Mailchimp for $12 billion in cash and stock last year.