MailChimp accounts hacked to send spam emails

MailChimp, the email newsletter service, is most popularly known for its incessant adverts on each and every podcast you listen to. Recently, it has been compromised by hackers and they sent some malicious links which purported to be from MailChimp to some companies. The incident clearly shows that hackers nowadays are willing to use any means to generate income for themselves.

In one of the emails which were sent by the cyber attackers, the following message was sent, “Here’s your invoice! We appreciate your prompt payment”. The email is said to be affiliated with the accounting software Quickbooks and was reportedly sent by the Business News Australia.

The owner of the site and Australian security researcher, Troy Hunt, managed to send some news sites the copy of the email that he had gotten from the hackers. As per the email, it was sent by the administrator account based on the news website. The ‘View Invoice’ button in the email has a link to a malicious zip file according to the malware analysis site, Virus Total.

Most of the times companies and websites usually outsource the job of sending out emails to other companies so that they don’t have to worry. In one email that the news network sent out and which was screenshot by Hunt said that the company’s MailChimp subscriber database had been hacked and that fake invoices had been issued out as a result. Camilla Jansen the managing editor at Business News Australia said that the users were supposed to disregard the email because nothing in it was true at all.

Other companies which were affected by the hack on the MailChimp service included the Sit Down Comedy Club based in Brisbane and another Australian based company called Jim’s Building Inspections.

On their part, MailChimp noted that they had noticed a number of accounts which had received fake invoices. They said that there was no evidence on MailChimp’s part.

---

Categories: News