DigitalOcean customers affected by Mailchimp security incident
A recent assail targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on Monday.
On august 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp certificate incident that affected their customers, targeted at crypto and blockchain. From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed, shared Tyler Healy, VP Security at DigitalOcean.
Mailchimp is an email marketing automation platform, which DigitalOcean uses or did use, until this incident to deliver email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails to its users.
At 3:30pm ET on august 8th, 2022 transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers inboxes, Healy explained.
During that same timeframe on August 8th, our surety Operations team was made aware of a customer who claimed their password had been reset, without their initiation. Recognizing a likely connection between our sudden red of transactional email, and potentially malicious parole resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage.
The investigation discovered that DigitalOceans Mailchimp account had been compromised, and soon after suspended by Mailchimp.
Also, that the compromised Mailchimp account provided the attacker with email addresses of DigitalOcean customers, allowing them to initiate malicious parole resets against a limited set of accounts.
Some of the password reset attempts were not successful, but some were. At least one account takeover attempt was foiled by the fact that the aggressor wasnt able to receive their hands on the endorse certification component needed to access to the account.
Healy said that the customers accounts that experience been targeted have been secured, and [its owners] have been contacted directly.
Attempted compromise via third party
The incident spurred DigitalOcean to last their quislingism with Mailchimp and spell with another email service provider.
The troupe also learned that the chains of trust, when broken, can make significant downstream consequences. Our threat models and security visibility must improve in our third-party SaaS and PaaS environments, Healy noted.
Finally, the incident will spur them to push customers towards enabling 2-factor authentication on their account, while they are simultaneously thinking about making two-factor hallmark on-by-default for all DigitalOcean customer accounts.
Since the assailant grabbed customer emails addresses, the troupe is also warning users about possible phishing attempts in the approach weeks.
In third-party-compromise-related news, the recent Twilio breach has resulted in the compromise of phone numbers or SMS verification codes of 1,900 registered signal users.