Master of Malt said in a note that it had discovered a “potential breach of some of our customer data stored on Mailchimp”. Mailchimp manages its email list.
Tom McGuinness, managing director of the firm, said: “Even if you are using a modern email system with a good spam filter, please be especially vigilant over the next few days. So far we've seen two types of spam email being sent – one purporting to be from Mailchimp and asking you to update your billing details, and the other claiming to be from the UK government asking for personal details to check whether you are due a tax refund.”
He added that both types of email are “very convincing” and warned customers not to click on any links in any email.
He apologised for the potential breach.
A Mailchimp company representative sent a statement to Fudzilla:
"There was no breach on Mailchimp's end. Instead, individual accounts can be accessed by unauthorized parties when their credentials are lost or stolen and used to send spam or phishing emails.
"At Mailchimp, our users’ security is our top priority. When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access to the account to prevent further malicious activity. We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.
"While no future spam emails should come from this account, we agree that customers should be careful not to click on any links in suspicious emails and should report those messages."