Mailchimp's Recurring Breaches: Why API Token Hygiene Keeps Failing
Threat Intelligence
Mailchimp was breached in March 2022, August 2022, and January 2023. Each time the entry point was different; each time the impact was customer mailing lists and API tokens. A look at the pattern and what customers should do.
By Arjun Raghavan, Security & Systems Lead, BIPI · February 18, 2024 · 7 min read
Mailchimp disclosed at least three customer-affecting breaches between March 2022 and January 2023. The pattern matters because the initial-access technique differed each time while the post-exploitation playbook converged: harvest customer API tokens, pull contact lists for high-value customers (especially crypto and fintech), and use those lists for downstream phishing. Two years on, the Mailchimp case is the cleanest example of why marketing-platform tokens deserve the same governance as production credentials.
Timeline of three breaches
- March 26, 2022: Mailchimp discovers that an internal customer-support tool was compromised via social engineering of support staff. ~100 customer accounts viewed, ~319 accounts had data exported. Trezor and other crypto-adjacent customers affected.
- August 11, 2022: A second social engineering campaign targets Mailchimp employees. DigitalOcean's customer mailing list is among the data exfiltrated. A SIM-swap against a senior employee is reported as part of the access vector.
- January 11, 2023: Mailchimp confirms a third incident. ~133 customer accounts accessed via stolen employee credentials. WooCommerce and others affected.
- Throughout 2022 and 2023: API tokens of affected customers are used to make read API calls and, in some cases, to send phishing campaigns from the customer's verified sender domain.
Root cause: customer-support tooling with broad API access
The technical commonality across all three breaches was that customer-support tooling at Mailchimp could read customer mailing lists and, in some configurations, customer API key material. Once an attacker had support-tool access (via social engineering, SIM-swap, or credential phishing), the leap to customer data was a permissions issue, not a separate exploit chain. The customer-side equivalent is a vendor admin console where helpdesk roles can read tenant secrets.
What customers actually saw
Customers whose API keys were exposed saw legitimate-looking API calls from Mailchimp's own infrastructure, because the operators used the stolen keys directly rather than impersonating the customer. Customers whose mailing lists were exfiltrated typically saw nothing on the Mailchimp side. The first signal was usually a phishing wave hitting their own customers, with content that referenced the exact list (e.g., a Trezor email warning customers about a fake firmware update, sent only to addresses that had subscribed to Trezor's Mailchimp list).
Detection signals on the customer side
- Mailchimp API calls from your own automation hitting unexpected endpoints (lists/members exports, campaign creation outside normal cadence).
- Unfamiliar device entries in the Mailchimp 'Account Activity' log.
- DMARC reports showing legitimate Mailchimp-signed mail you did not authorize.
- Spike in unsubscribe complaints or spam reports immediately after a breach disclosure window.
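The first of these signals is the one you can check mechanically if you log your own outbound Mailchimp API calls. The script below is an added example, not code from the original post or from Mailchimp: it runs over a constructed sample of call records (the `ts`/`key_id`/`method`/`path`/`src_ip` log format and the thresholds are assumptions) and flags three things: a key used from outside your own egress range, a key paging through an audience's members at export-like volume, and campaign creation above your normal daily cadence. Endpoint paths follow the Marketing API v3 shape (`/3.0/lists/{id}/members`, `/3.0/campaigns`).

```python
import json
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse, parse_qs

# Hypothetical thresholds: your own egress range, how many members one key may page
# through per audience per day before it looks like an export, and normal daily sends.
ALLOWED_EGRESS = [ip_network("203.0.113.0/28")]
BULK_READ_MEMBERS = 500
MAX_CAMPAIGNS_PER_DAY = 2

# Constructed sample log of outbound Mailchimp API calls, one JSON object per line.
SAMPLE_LOG = """
{"ts":"2024-02-01T09:00:00Z","key_id":"ci-newsletter","method":"GET","path":"/3.0/lists/abc123/members?count=50&offset=0","src_ip":"203.0.113.5"}
{"ts":"2024-02-01T09:05:00Z","key_id":"ci-newsletter","method":"POST","path":"/3.0/campaigns","src_ip":"203.0.113.5"}
{"ts":"2024-02-01T23:41:00Z","key_id":"ci-newsletter","method":"GET","path":"/3.0/lists/abc123/members?count=1000&offset=0","src_ip":"198.51.100.77"}
{"ts":"2024-02-01T23:42:00Z","key_id":"ci-newsletter","method":"GET","path":"/3.0/lists/abc123/members?count=1000&offset=1000","src_ip":"198.51.100.77"}
{"ts":"2024-02-01T23:50:00Z","key_id":"ci-newsletter","method":"POST","path":"/3.0/campaigns","src_ip":"198.51.100.77"}
{"ts":"2024-02-01T23:51:00Z","key_id":"ci-newsletter","method":"POST","path":"/3.0/campaigns","src_ip":"198.51.100.77"}
"""

def parse_log(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def analyze(records):
    findings = []
    members_read = Counter()   # (key_id, day, list_id) -> members requested
    campaigns = Counter()      # (key_id, day) -> campaigns created
    for r in records:
        day = r["ts"][:10]
        url = urlparse(r["path"])
        parts = url.path.strip("/").split("/")   # e.g. ["3.0", "lists", "abc123", "members"]
        # Signal 1: a key used from somewhere other than your own egress.
        if not any(ip_address(r["src_ip"]) in net for net in ALLOWED_EGRESS):
            findings.append(("unexpected_source", r["key_id"], r["src_ip"], r["ts"]))
        # Signal 2: paging through an audience's members (API default count is 10).
        if r["method"] == "GET" and len(parts) >= 4 and parts[1] == "lists" and parts[3] == "members":
            count = int(parse_qs(url.query).get("count", ["10"])[0])
            members_read[(r["key_id"], day, parts[2])] += count
        # Signal 3: campaign creation outside normal cadence.
        if r["method"] == "POST" and parts[1:] == ["campaigns"]:
            campaigns[(r["key_id"], day)] += 1
    for (key, day, list_id), n in members_read.items():
        if n >= BULK_READ_MEMBERS:
            findings.append(("bulk_member_read", key, list_id, day, n))
    for (key, day), n in campaigns.items():
        if n > MAX_CAMPAIGNS_PER_DAY:
            findings.append(("campaign_cadence", key, day, n))
    return findings
```

On the sample, every call from 198.51.100.77 is flagged as an unexpected source, the two 1000-member pages roll up into one bulk-read finding, and the third campaign of the day trips the cadence check.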
Lessons that finally landed in 2024
Three controls became standard in our marketing-stack reviews after the Mailchimp sequence. First, scoped API keys per integration (Mailchimp added this capability after the third breach; many customers still use a single all-permissions key). Second, IP allow-listing on API key usage where the platform supports it, so a stolen key only works from your CI/CD egress. Third, treat marketing-platform tokens as production secrets in the secret manager, with a rotation cadence under 90 days. The fourth, harder change is putting marketing platforms in the same vendor tier as identity providers in your risk register; given the phishing leverage they carry, the tier is justified.
Three breaches in ten months is not bad luck. It is a structural finding: the support-tooling permission model could see customer secrets, and the access path to support tooling was social engineering of humans.
There is a subtle reason this matters in 2024. Threat actors targeting crypto and DeFi users learned during the 2022 to 2023 Mailchimp window that marketing platforms are an excellent stepping stone to high-value retail victims. The technique did not disappear when Mailchimp tightened controls; it generalized. Any platform with high-trust outbound email and a large customer base is now considered a viable target, and the operating practice for customers is to treat the tokens accordingly.