DigitalOcean has ended its relationship with Mailchimp, its email service provider, following a security incident at Mailchimp.
Several crypto industry executives have accused Mailchimp of suspending their accounts without any prior warning. Those complaints followed Mailchimp's temporary suspension of DigitalOcean's own account, which Mailchimp attributed to a suspected violation of its terms of service.
DigitalOcean, a cloud infrastructure provider, acknowledged that its threat models and security visibility for third-party SaaS (Software as a Service) and PaaS (Platform as a Service) environments need improvement. The acknowledgement followed an incident in which an attacker compromised Mailchimp's internal tooling, which in turn led to the suspension of DigitalOcean's account.
Mailchimp, in an Aug. 12 security announcement, revealed that malicious actors have been targeting the crypto industry, attempting to obtain data through phishing and social engineering. In response, DigitalOcean migrated to a new email services provider to secure its operations.
The attack on Mailchimp appears to be part of a larger wave of attacks on the email marketing industry: Klaviyo, HubSpot and Constant Contact have also been targeted over the past year. In each case the actors used phishing or social engineering to obtain employee credentials.
Security researchers say the attempted compromise of DigitalOcean's customer accounts highlights the risk carried by supply-chain relationships, and the loss of customer trust that follows when a company fails to monitor its systems properly and to communicate issues downstream.
In DigitalOcean's case, the attacker was unable to take over the affected accounts because two-factor authentication was enabled on them. DigitalOcean plans to lean in with customers on two-factor authentication and is evaluating enabling it by default.
Forrester senior analyst Alla Valente stated that email marketing technologies don't get the same level of scrutiny as financial technologies or IT services, but they have access to a large amount of company data. Every organization is responsible for vetting and assessing the third-party risks of using email marketing tools.
Matt Chiodi, chief trust officer at Cerby, suggests that the Mailchimp compromise most likely began with a phished Mailchimp employee, compounded by a lack of Single Sign-On (SSO). Chiodi's assessment is supported by the observation that a single attacker initiated password resets against a limited number of DigitalOcean accounts and succeeded in changing the passwords.
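The mechanics behind the two preceding paragraphs, as an added illustration that is not code from DigitalOcean, Mailchimp or this article: an account service whose password-reset mail goes out through a third-party ESP, an attacker who can read that outbound mail, and the two controls the article mentions. The reset link alone lets the attacker change a password, but login on an account with a TOTP second factor still fails, while an account without 2FA is taken over. A small check over the reset log also shows the kind of downstream monitoring the article argues for: one source requesting resets for many distinct accounts. All accounts, secrets, addresses and the attacker IP are constructed for the example; `totp` follows RFC 6238 with the clock passed in so results are reproducible.

```python
import copy
import hashlib
import hmac
import secrets
import struct
import time
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts (hypothetical; not DigitalOcean customer data).
# A non-None TOTP secret means the customer has two-factor authentication enabled.
SAMPLE_ACCOUNTS = {
    "alice@example.com": {"password": "alice-original", "totp_secret": b"12345678901234567890"},
    "bob@example.com":   {"password": "bob-original",   "totp_secret": None},
    "carol@example.com": {"password": "carol-original", "totp_secret": b"another-demo-secret-xx"},
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; the time is an argument so tests are deterministic."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class AccountService:
    """Minimal account service whose reset e-mails are handed to a third-party ESP."""

    def __init__(self, accounts: Dict[str, dict], esp_outbox: List[dict]):
        self.accounts = accounts
        self.esp_outbox = esp_outbox          # stands in for the ESP (Mailchimp in the article)
        self.reset_tokens: Dict[str, str] = {}
        self.reset_log: List[Tuple[str, str]] = []  # (source_ip, account) kept for detection

    def request_reset(self, email: str, source_ip: str) -> None:
        self.reset_log.append((source_ip, email))
        if email not in self.accounts:
            return  # identical behaviour for unknown accounts, so no enumeration
        token = secrets.token_urlsafe(16)
        self.reset_tokens[token] = email
        self.esp_outbox.append({"to": email, "token": token})

    def complete_reset(self, token: str, new_password: str) -> bool:
        email = self.reset_tokens.pop(token, None)  # single use
        if email is None:
            return False
        self.accounts[email]["password"] = new_password
        return True

    def login(self, email: str, password: str,
              totp_code: Optional[str] = None, now: Optional[int] = None) -> bool:
        acct = self.accounts.get(email)
        if acct is None or not hmac.compare_digest(acct["password"], password):
            return False
        secret = acct["totp_secret"]
        if secret is None:
            return True  # no second factor: controlling the reset mail is enough
        expected = totp(secret, int(time.time()) if now is None else now)
        return totp_code is not None and hmac.compare_digest(expected, totp_code)


def reset_burst_sources(reset_log: List[Tuple[str, str]], threshold: int = 3) -> Dict[str, List[str]]:
    """Flag sources that requested resets for `threshold` or more distinct accounts."""
    per_source: Dict[str, set] = defaultdict(set)
    for ip, email in reset_log:
        per_source[ip].add(email)
    return {ip: sorted(emails) for ip, emails in per_source.items() if len(emails) >= threshold}


def simulate_esp_compromise(now: int = 1_660_000_000) -> dict:
    """An attacker who can read the ESP's outbound mail resets passwords and tries to log in."""
    outbox: List[dict] = []
    svc = AccountService(copy.deepcopy(SAMPLE_ACCOUNTS), outbox)
    attacker_ip = "203.0.113.7"  # documentation range; hypothetical
    for email in SAMPLE_ACCOUNTS:
        svc.request_reset(email, attacker_ip)
    takeover = {}
    for msg in outbox:  # reset tokens read straight out of the compromised ESP
        svc.complete_reset(msg["token"], "attacker-chosen")
        takeover[msg["to"]] = svc.login(msg["to"], "attacker-chosen", totp_code=None, now=now)
    return {"takeover": takeover, "flagged": reset_burst_sources(svc.reset_log)}


if __name__ == "__main__":
    print(simulate_esp_compromise())
```

Running the simulation reports `takeover` as true only for the account without a second factor, and `flagged` lists the attacker's source with all three accounts it hit. The detection is deliberately coarse: it shows that the reset log, not the ESP, is where a provider can see a reset campaign even when the ESP itself says nothing.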
This article has been updated to correct the spelling of Klaviyo. The organization that suspects DigitalOcean as the attack target in the Mailchimp email account security breach is Cloudflare.
In light of these events, businesses should prioritise email security and take the necessary precautions to protect sensitive data: enforce two-factor authentication, adopt SSO, and regularly monitor and assess the risk of the third-party services they depend on.