Security News Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List

[Gandalf_The_Grey]

Content source

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.

Loading the List into Have I Been Pwned

When I have conversations with breached companies, my messaging is crystal clear: be transparent and expeditious in your reporting of the incident and prioritise communicating with your customers. Me doing anything less than that would be hypocritical, including how I then handle the data from the breach, namely adding it to HIBP. As such, I’ve now loaded the breach and notifications are going out to 6.6k impacted individual subscribers and another 2.4k monitoring domains with impacted email addresses.

A Sneaky Phish Just Grabbed my Mailchimp Mailing List

You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing

www.troyhunt.com

 

[Zero Knowledge]

Evidence that even the most educated and informed can be compromised. Kind of sad