Some customers' emails exposed in Mailchimp security breach: DigitalOcean

Aug 16: DigitalOcean's head of security Tyler Healy said in a blog post on Tuesday that on August 8 the company discovered that its Mailchimp account had been compromised as part of what "we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain".

Mailchimp had earlier admitted a recent attack targeting its crypto-related users, but did not divulge more details.

"From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed. Out of an abundance of caution, we are currently sending email communications to those impacted."

DigitalOcean said that a "very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets".

"These customers' accounts have been secured, and have been contacted directly. As of August 9th, we have migrated email services away from Mailchimp," the company said.

It said that no customer information other than email address was compromised.

"However, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account," the company advised.

Mailchimp said that they were continuing their investigation and proactively providing impacted users with timely and accurate information throughout the process.

DigitalOcean said that the broader email outage incident management team decided to immediately migrate critical services away from Mailchimp to another email service provider.


