Digital Ocean fell victim to a data breach via a Mailchimp account. The email addresses of a small number of customers were most likely captured.
According to a statement by Digital Ocean, the Mailchimp account of an employee was recently hacked. The hackers most likely used email address @arxxwalls.com and IP address x.213.155.164 to seize the account.
The account was used for resetting passwords and other alerts. Though the hackers managed to change a customer’s password, two-factor authentication prevented further damage.
Discovery at Mailchimp
Mailchimp discovered anomalous behavior and immediately suspended the account. This alerted Digital Ocean that the account had likely been hacked. In a statement of its own, Mailchimp indicated that the cyberattack was aimed at crypto companies.
Digital Ocean notified customers of the attack. According to the cloud infrastructure provider, the hackers attempted to reset the passwords of a small number of customers. Not all attempts were successful. The company has since informed customers that their accounts were compromised.
Further investigation shows that the attack had relatively little impact. Only the email addresses of a small number of customers were reportedly leaked. In response, Digital Ocean suspended all email traffic to its customers at Mailchimp.
Previous attack on Mailchimp
Mailchimp was hacked earlier this year. Like the most recent incident, hackers targeted user data to carry out phishing attacks on crypto wallets. The well-known Trezor wallet was attacked.