The FanDuel sportsbook and betting site is warning customers that their names and email addresses were exposed in a January 2023 MailChimp security breach, urging users to remain vigilant against phishing emails.
On January 13th, MailChimp confirmed they suffered a breach after hackers stole an employee’s credentials using a social engineering attack.
Using these credentials, the threat actors accessed an internal MailChimp customer support and administration tool to steal the “audience data” for 133 customers.
This audience data is different for each MailChimp customer but commonly contains the email addresses and names of customers, or potential customers, that are used to send marketing emails.
Last Thursday, FanDuel emailed customers to warn them that the threat actors acquired their names and email addresses during the MailChimp breach.
FanDuel also stressed that this was not a breach of their systems or FanDuel user accounts and that the hackers did not acquire “passwords, financial account information, or other personal information” during the breach.