The MailChimp email newsletter service was recently attacked by hackers who infiltrated their subscriber database and sent out emails containing malicious links to users. The emails appeared to be from companies that used MailChimp to outsource their newsletter distribution.
The phony emails originate from an administrator account, alleging to be invoices utilizing Quickbooks. Clicking the “View Invoice” button within the message opens an attached .zip file containing malware.
Once the breach became apparent, Twitter users began posting screenshots of the invoices they received from the varying companies. So far the hack has appeared to have affected multiple businesses in Australia including Business News Australia, Jim’s Building Inspections, and the Sit Down Comedy Club in Brisbane.
According to MailChimp, they discovered the hack when their normal compliance process identified accounts sending out the phony invoices. While they said that the accounts were identified and disabled, they encouraged the use of two-factor authentication, implying the problem may have been password related.