Category: Data Breach

Reading Time: < 1 minutes

Marketing automation company Mailchimp has disclosed a data breach in which a social engineering attack enabled threat actors to access an internal customer support and account administration tool and obtain information about 133 customers.

“The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” the Intuit-owned company said in a disclosure.

Mailchimp identified the intrusion on January 11, 2023, and said there is no evidence that the unauthorized party breached Intuit systems or accessed customer information beyond the 133 accounts; all affected account holders were notified within 24 hours. The company did not, however, disclose how long the intruder had access to its systems.

This is the marketing automation company's second such incident within 12 months.

The objective of a social engineering attack is to influence, manipulate or trick users into giving up sensitive information or access within an organization.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Customer engagement platform Twilio announced that on August 4, 2022 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attack used SMS phishing messages that appeared to come from Twilio's IT department, claiming that the employee's password had expired or that their schedule had changed, and directing the target to log in at a spoofed web address controlled by the attacker.

Twilio said the attackers crafted the messages to look legitimate, including words such as "Okta" and "SSO," a reference to the single sign-on systems many companies use to secure access to their internal apps.

Twilio also worked with U.S. carriers to stop the malicious messages, and with registrars and hosting providers to shut down the malicious URLs used in the campaign.
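The lure described above has a shape that can be triaged automatically: an IT-themed message (expired password, changed schedule, log-in prompt) carrying a link whose host is not one of the organization's real login hosts but borrows identity-related words such as "okta" or "sso". The following is an added example written for this article, not Twilio's own tooling; the approved hostnames and the sample SMS messages are constructed for illustration and are not real.

```python
"""Triage SMS text for the IT/SSO-themed credential lure described above.

Added example for this article, not Twilio's code. A message is flagged
when a link points at a host outside the organisation's approved login
hosts yet borrows identity-related words, and/or when the wording matches
the lure (expired password, changed schedule, log-in prompt). The approved
hostnames and sample messages below are constructed and hypothetical.
"""

import re
from urllib.parse import urlparse

# Assumption: the organisation's real login hosts (hypothetical names).
APPROVED_HOSTS = {"sso.example.com", "example.okta.com", "it.example.com"}

# Brand and identity words attackers borrow to make a lookalike host look legitimate.
BRAND_WORDS = ("okta", "sso", "example")

# Lure wording used in the campaign described in the article.
LURE_PHRASES = (
    "password has expired", "password expired", "password will expire",
    "schedule has changed", "schedule change", "log in", "login", "sign in",
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_hosts(message):
    """Return the lowercased hostname of every http(s) URL in the message."""
    hosts = []
    for match in URL_RE.finditer(message):
        host = urlparse(match.group(0)).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def is_approved(host):
    """True if host is an approved login host or a subdomain of one.

    A suffix match on the approved host keeps "sso.example.com.evil.net"
    (approved name used as a prefix) from passing.
    """
    return host in APPROVED_HOSTS or any(
        host.endswith("." + approved) for approved in APPROVED_HOSTS
    )


def classify(message):
    """Return (verdict, reasons); verdict is "phish", "suspicious" or "clean"."""
    text = message.lower()
    lure_hits = [p for p in LURE_PHRASES if p in text]
    off_domain = [h for h in link_hosts(message) if not is_approved(h)]
    reasons = []
    for host in off_domain:
        borrowed = [w for w in BRAND_WORDS if w in host]
        if borrowed:
            reasons.append(f"unapproved host {host} borrows {', '.join(borrowed)}")
    if reasons and lure_hits:
        # Brand-bearing off-domain link plus the IT lure: the campaign's pattern.
        return "phish", reasons + [f"lure wording: {', '.join(lure_hits)}"]
    if reasons:
        return "suspicious", reasons
    if lure_hits and off_domain:
        return "suspicious", [f"lure wording with unapproved link {', '.join(off_domain)}"]
    return "clean", reasons


# Constructed sample messages (not real SMS traffic).
SAMPLE_SMS = [
    "ALERT: Your Example password has expired. Log in to update: https://example-okta.sso-update.net/login",
    "Reminder: your schedule has changed, review it at https://example.okta.com/app",
    "Your package is ready: https://delivery.example-mail.org/track",
    "Lunch at 12?",
]


def triage(messages):
    """Return [(verdict, message), ...] for a batch of messages."""
    return [(classify(m)[0], m) for m in messages]


if __name__ == "__main__":
    for msg in SAMPLE_SMS:
        verdict, reasons = classify(msg)
        print(f"{verdict:10s} {msg}")
        for reason in reasons:
            print("           -", reason)
```

The second sample shows why the allowlist matters: a genuine IT reminder with lure-like wording but a link to the real Okta tenant is left alone, whereas the same wording with a lookalike host is what the campaign relied on. In production the keyword and phrase lists would come from the organization's own brand names and the wording seen in reported messages, and the allowlist from its identity provider configuration.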


GoDaddy data breach 2021

Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.

In an official statement, GoDaddy said that on November 17, 2021 it discovered unauthorized third-party access to its Managed WordPress hosting environment.

After identifying suspicious activity in that environment, the company immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.

GoDaddy immediately blocked the unauthorized third party from its systems. The investigation is ongoing, but the company has determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents a risk of phishing attacks.
  • The original WordPress Admin password that was set at the time of provisioning was exposed. Where those credentials were still in use, GoDaddy reset the passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords.
  • For a subset of active customers, the SSL private key was exposed. GoDaddy will be issuing and installing new certificates for those customers.


The Cost of a Data Breach Report has for many years been produced jointly by Ponemon Institute and IBM Security. The research is conducted independently by Ponemon Institute, and the results are sponsored, analyzed, reported and published by IBM Security.

The Cost of a Data Breach Report is a global report, combining results from 524 organizations across 17 countries and regions and 17 industries to provide global averages.

The pandemic drove a rapid shift to remote work, which contributed to a wave of large data breaches. Organizations were focused on getting online and security became an afterthought, while security leaders struggled to maintain the status quo or keep the organization compliant.

The study identifies the following trends:

Healthcare breach cost: The healthcare industry had the highest average total cost of a data breach at $7.13 million, a 10% increase over the 2019 study. Similarly, the energy sector saw a 13% increase from 2019, to an average of $6.39 million in the 2020 study. Overall, 13 of 17 industries experienced an average total cost decline year over year, with the steepest drops coming in media, education, public sector and hospitality.

Stolen credentials: Stolen or compromised credentials were the most expensive cause of malicious data breaches. One in five companies (19%) that suffered a malicious data breach was infiltrated through stolen or compromised credentials, which increased the average total cost of a breach for these companies by nearly $1 million, to $4.77 million. Overall, malicious attacks were the most frequent root cause (52% of breaches in the study), versus human error (23%) and system glitches (25%).

Shift to cloud: Misconfigured cloud services were a leading cause of breaches, and security complexity and cloud migration cost companies the most. Undergoing an extensive cloud migration at the time of the breach increased the average cost of a breach by more than $267,000, to an adjusted average cost of $4.13 million.

Remote work: The report found that remote working has a significant impact on data breach cost and response. Nearly 20% of organizations studied reported that remote work was a factor in the data breach, and those breaches ended up costing companies $4.96 million on average, nearly 15% more than the average breach.

Investment in incident response teams and plans reduced data breach costs: companies with an incident response team that also tested its incident response plan had an average breach cost of $3.25 million.