Mailchimp data breach impact unravels as second customer reveals extent of damage

Mailchimp logo displayed on a smartphone
(Image credit: Getty Images)

Numerous Mailchimp customers are now warning users that they might face increased risks of phishing attacks in the wake of a recent data breach.

Online gambling firm FanDuel became the latest Mailchimp client to advise customers of a potential wave of security risks in the wake of the incident.

Reports over the weekend revealed that the sports betting site issued a warning to users, urging them to “remain vigilant” of phishing emails.

“Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients,” read an email distributed to users.

FanDuel added that the vendor in question had confirmed that customer names and email addresses were “acquired by an unauthorised actor”.

“No customer passwords, financial account information, or other personal information was acquired in this incident,” the email read.

"Remain vigilant against email "phishing" attempts claiming an issue with your FanDuel account that requires providing personal or private information to resolve the problem," the email added.

"FanDuel will never email customers directly and request personal information to resolve an issue."

WooCommerce, a popular ecommerce plug-in for Wordpress, was among the first customers to begin warning users. In an advisory to users, the eCommerce platform confirmed that it was one of the clients affected by the breach.

“The breach may have resulted in some of the information you share with us, including your name, store URL, address, and email address, being exposed,” WooCommerce said in an email to customers.

“No payment data, passwords, or other sensitive security information, is part of this breach. Your store and customer data have not been impacted by this incident, nor have your or accounts.”

What happened in the Mailchimp breach?

The US-based email marketing giant confirmed on 13 January that around 133 customers had been impacted by a breach, which came as a result of a social engineering attack on a Mailchimp employee.

Mailchimp said audience data was obtained in the breach, which includes email addresses and customer names. However, the company said at the time that no customer password or credit card information had been compromised in the attack.

“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts,” the company said. “There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts."


Cost of a data breach report 2022

Discover the factors to help mitigate breach costs


The incident marks the second breach at the all-in-one marketing platform in less than 12 months. In April last year, Mailchimp battled another security issue which saw hackers control its internal tools to access customer records.

In this case, hackers were able to view 319 of Mailchimp's customer accounts and extracted data from 102 of those - a similar scale to the latest breach.

The immediate fears were the same in last year's incident: customers were likely to receive targeted phishing emails.

Domino effect of Mailchimp breach

While security incidents such as the Mailchimp breach don’t directly result in compromised user accounts, there is a significant risk that exposed information such as email addresses and names can create a ‘domino effect’ of security risks further down the line.

Exposed information is commonly used by threat actors to target users with phishing attacks or attempt to reset passwords to gain account authorisation. This is an issue that has occurred repeatedly in recent years.

Among the victims in last year's Mailchimp breach was cloud computing provider, DigitalOcean, which criticised the company’s handling of the incident and revealed that a “small number” of customers experienced attempted compromise of their accounts through password resets.

More recently, a major data breach at telecoms provider T-Mobile prompted the company to issue an urgent warning that customer may face a wave of phishing attacks after email addresses and account information was leaked online.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.