DigitalOcean reports that there was unauthorized access with the mail distribution tool 'MailChimp'



DigitalOcean, which provides cloud servers, announced that some of its customers' accounts had their passwords arbitrarily reset and became inaccessible. DigitalOcean reports that the cause of this failure was unauthorized access to Mailchimp, an email distribution tool.

DigitalOcean Status - Email Notifications
https://status.digitalocean.com/incidents/x0gvb39624ct

Impact to DigitalOcean customers resulting from Mailchimp security incident
https://www.digitalocean.com/blog/digitalocean-response-to-mailchimp-security-incident

According to DigitalOcean, an internal test by DigitalOcean's engineering team discovered at 15:30 ET on August 8, 2022 that transactional emails delivered through Mailchimp were no longer reaching customers.

The investigation found that DigitalOcean's Mailchimp account itself had been suspended, so emails could not be sent to customers. Because of the Mailchimp suspension, DigitalOcean could no longer send account confirmation emails, password reset emails, alert emails reporting the status of cloud servers, and so on.

When DigitalOcean contacted Mailchimp, it seems that an email was sent saying, 'Your Mailchimp account is unavailable. The account with the username 'DigitalOcean' is currently suspended due to a service breach.'



At around the same time on August 8, DigitalOcean's security operations team received a report from a customer that their password had been reset without any action on their part. DigitalOcean suspected that this password reset and the suspension of the Mailchimp account were related and started an investigation.

It then turned out that an email address different from DigitalOcean's appeared in an email sent from Mailchimp on August 7th. DigitalOcean believes this email points to the compromise of its Mailchimp account, since that email address had not appeared in any email prior to August 6th. After immediately contacting Mailchimp and conducting further investigation, DigitalOcean was formally informed that multiple accounts, including DigitalOcean's, had been compromised by an attacker who had gained access to Mailchimp's internal tools.

By tracing the IP address of the suspected attacker, DigitalOcean then identified the customer accounts whose passwords had been reset without permission. It also appears that the attacker at that IP address gave up when two-factor authentication was required.
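The indicator DigitalOcean describes above, a sender-side address appearing in a Mailchimp email that had never appeared in earlier emails, can be turned into a routine check over a provider's sent transactional mail. The following Python is an added example, not code from DigitalOcean or Mailchimp; the message contents, domains and cutoff date are constructed.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Headers whose addresses say who sent a mail or who receives replies to it.
# A new address in one of these is the kind of change DigitalOcean noticed.
ADDRESS_HEADERS = ("From", "Reply-To", "Return-Path", "Sender")

def addresses_in(raw_message: str) -> set[str]:
    """Lower-cased addresses found in the sender-side headers of one message."""
    msg = message_from_string(raw_message)
    values = [v for h in ADDRESS_HEADERS for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def sent_at(raw_message: str) -> datetime:
    """Timezone-aware timestamp from the Date header."""
    return parsedate_to_datetime(message_from_string(raw_message)["Date"])

def build_baseline(messages, cutoff: datetime) -> set[str]:
    """Every sender-side address seen in messages dated before the cutoff."""
    baseline: set[str] = set()
    for raw in messages:
        if sent_at(raw) < cutoff:
            baseline |= addresses_in(raw)
    return baseline

def find_new_addresses(messages, cutoff: datetime):
    """(timestamp, addresses) for messages at/after the cutoff that introduce
    an address absent from the pre-cutoff baseline."""
    baseline = build_baseline(messages, cutoff)
    findings = []
    for raw in messages:
        when = sent_at(raw)
        unexpected = addresses_in(raw) - baseline
        if when >= cutoff and unexpected:
            findings.append((when, unexpected))
    return findings

# Constructed sample messages; domains and addresses are placeholders.
SAMPLE_MESSAGES = [
    "From: Cloud Co <noreply@cloud-provider.test>\nReply-To: support@cloud-provider.test\nDate: Fri, 05 Aug 2022 10:00:00 +0000\nSubject: Confirm your account\n\nbody",
    "From: Cloud Co <noreply@cloud-provider.test>\nReply-To: support@cloud-provider.test\nDate: Sat, 06 Aug 2022 09:00:00 +0000\nSubject: Droplet alert\n\nbody",
    "From: Cloud Co <noreply@cloud-provider.test>\nReply-To: ops@unknown-party.test\nDate: Sun, 07 Aug 2022 11:30:00 +0000\nSubject: Password reset\n\nbody",
]
CUTOFF = datetime(2022, 8, 6, tzinfo=timezone.utc)  # baseline = mail before Aug 6

if __name__ == "__main__":
    for when, addrs in find_new_addresses(SAMPLE_MESSAGES, CUTOFF):
        print(f"{when.isoformat()}: unexpected sender-side address(es) {sorted(addrs)}")
```

Run against a real export of sent mail, the baseline window should cover normal traffic only, and any hit is a reason to check the mail provider's account activity rather than the mail content alone.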



DigitalOcean has since moved from Mailchimp to another mail service provider, and the problem appears to have been resolved for the time being. DigitalOcean says it learned the following three things from this incident.

・The ecosystem is fragile: if a link in the chain of trust breaks, it can have a serious impact downstream. DigitalOcean's threat model and security visibility need to improve for third-party Software as a Service (SaaS) and Platform as a Service (PaaS) environments.
・Business continuity plans should better account for third-party downtime, so that losses from relying on third-party services can be reduced.
・Even though DigitalOcean was targeted by attackers, accounts with two-factor authentication enabled were not fully compromised, so DigitalOcean will urge customers to set up two-factor authentication.

In addition, on August 12, 2022, Mailchimp stated, "There was an attack targeting Mailchimp's cryptocurrency-related users, and as a precautionary measure we temporarily suspended accounts on which suspicious activity was detected," but it has not clarified what specific security failure occurred.

Information About a Recent Security Incident Targeting Crypto Companies | Mailchimp
https://mailchimp.com/august-2022-security-incident/

in Web Service, Security, Posted by log1i_yk