MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples
Table of Contents
- By Steven
- Published: Jan 26, 2023
- Last Updated: Sep 30, 2025
MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered. Only 133 Mailchimp customers were affected, correct? However, each of these customers is a business. Some of these businesses, like WooCommerce and FanDuel, have millions of users and can detrimentally affect not only the businesses but their customers as well.
How Did the Attack Occur?
The attack occurred when an unknown party launched a social engineering attack. Social engineering attacks are psychologically-based attacks that manipulate someone to perform a task or divulge information. These attacks are often carried out as phishing attacks, which is why they are so often successful.
What Information Was Viewed or Stolen?
The accessed information likely varied based on the target company. WooCommerce was one of the targeted companies, admitting that its customers’ names, emails, and store web addresses may have been affected. This was told to WooCommerce by MailChimp. As of January 2023, 6.3 million websites use WooCommerce, and 68,000 of the world’s top million websites use the service within that bracket.
How Did MailChimp Admit to the Breach?
MailChimp admitted to the breach by sending notices to each customer account’s primary contacts. There is also a notice posted on the company’s website explaining how the breach happened and what steps it took to prevent or hinder another breach. “We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration,” said the notice. “We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process.”
What Will Become of the Stolen Information?
We should take a look at the numbers;
- As of 2009, FanDuel had over 6 million users and has only grown since.
- WooCommerce also has about 6 million users (at the time of writing).
- The Solana Foundation, which is dedicated to Solana, was also a part of the breach. Solana had over 11.5 million active users as of November 16, 2022.
- Yuga Labs, an NFT provider, has only 70 employees but has put out 200,000 NFTs.
So, not including the other 129 businesses affected, there are already more than 23.8 million people at risk. Yes, the majority of that risk is likely phishing attacks and attempts, but these can still be detrimental. 70% of phishing emails are opened, and 90% of company breaches start with phishing attacks.
What Should Affected Parties Do in the Aftermath of the Breach?
After any breach, let alone one this big, you should always change your password. You should also stay on the lookout for any phishing attacks or attempts that come your way. If you were involved in the breach, the company you are affiliated with would notify you. Another smart idea would be to file a police report. Police reports are often overlooked by victims, thus resulting in more issues down the road.
