
The Mailchimpossibilities are endless when you create, automate, and optimize your marketing with Mailchimp.

Intuit Mailchimp A.I CyberSecurity Scoring

Intuit Mailchimp

Company Details

LinkedIn ID: intuitmailchimp

Employees number: 1,621

Number of followers: 209,705

NAICS: 5112

Industry Type: Software Development

Homepage: mailchimp.com

IP Addresses: 0

Company ID: INT_3209235

Scan Status: In-progress

Intuit Mailchimp Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Intuit Mailchimp Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Intuit Mailchimp Company CyberSecurity News & History

Past Incidents: 6
Attack Types: 2


Intuit Mailchimp
Breach
Severity: 60
Impact: 4
Seen: 01/2023
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: MailChimp fell victim to a social engineering attack that threat actors successfully performed on the company's employees and contractors. Hackers managed to obtain employee credentials and gained access to an internal customer support and account administration tool which affected the data of 133 customers. The information obtained by hackers only includes names, store URLs, addresses, and email addresses, which are still enough for threat actors to launch phishing attacks.

Mailchimp
Breach
Severity: 60
Impact: 3
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: Troy Hunt, founder of *Have I Been Pwned*, fell victim to a phishing attack targeting his **Mailchimp** account earlier this year. The incident occurred due to human error—fatigue, jetlag, and a fear-triggering phishing email—leading him to bypass existing technical safeguards. The attack exploited the absence of **phishing-resistant two-factor authentication (2FA)**, such as passkeys, on Mailchimp’s platform. His password manager failed to auto-complete credentials (a common issue), and he manually entered them on a spoofed login page. The breach underscored systemic vulnerabilities in Mailchimp’s security controls, particularly the reliance on outdated authentication methods and the lack of robust anti-phishing mechanisms. While the article does not specify the exact data compromised, phishing attacks of this nature often target **employee or user credentials**, which can escalate into broader account takeovers, data leaks, or downstream attacks on connected services. Hunt’s case highlights how even security-conscious individuals can be exploited, emphasizing the need for **mandatory phishing-resistant MFA** and behavioral AI-driven anomaly detection to mitigate human error. The incident reflects a broader trend where **reused credentials** (e.g., corporate emails tied to personal accounts) create attack vectors for threat actors, as seen in ransomware and credential-stuffing campaigns.

Intuit Mailchimp
Breach
Severity: 80
Impact: 4
Seen: 04/2022
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Email marketing firm MailChimp was targeted by hackers in a data breach incident. The hackers gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. The employees were also targeted in a social engineering attack that resulted in them losing their credential details. These credentials were apparently used to access 319 MailChimp accounts and export audience data from 102 customer accounts and also to access API keys for a number of customers. MailChimp notified all the impacted customers and recommended they enable two-factor authentication on their accounts.

Mailchimp
Breach
Severity: 85
Impact: 3
Seen: 3/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: Mailchimp experienced a phishing attack resulting in a data breach that compromised nearly 16,000 records of current and former mailing list subscribers. The phishing attack, targeted at Have I Been Pwned Administrator Troy Hunt, was executed through a malicious email that redirected to a fraudulent phishing site that captured Hunt's credentials. Despite the use of two-factor authentication, the automated nature of the attack allowed for rapid data extraction. Cloudflare has since taken down the phishing site, while the extent of data retention by Mailchimp from unsubscribed users remains unclear.

Mailchimp
Ransomware
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: The Everest ransomware group claimed responsibility for breaching Mailchimp, a popular marketing platform. The group stole a 767 MB database containing 943,536 lines of data, including internal company documents and personal information of clients. The leaked dataset includes structured business information such as domain names, company emails, phone numbers, city and country details, GDPR region labels, social media links, and information about hosting providers. Many entries also list the technology stacks used by the companies.

Mailchimp
Ransomware
Severity: 100
Impact:
Seen: 8/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers (only if no ransomware)

Description: The ransomware group Everest claimed to have stolen 767 MB of sensitive data from email marketing giant Mailchimp. The stolen data includes 943,536 lines of internal company documents, which the group threatened to leak if Mailchimp did not pay a ransom. Despite the claim, the cybersecurity community mocked the size of the data leak, deeming it relatively small for a company of Mailchimp's size. The incident highlights the risks associated with ransomware attacks and the potential exposure of sensitive information.


Underwriter Stats for Intuit Mailchimp

Incidents vs Software Development Industry Average (This Year)

Intuit Mailchimp has 809.09% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Intuit Mailchimp has 525.0% more incidents than the average of all companies with at least one recorded incident.

Incident Types Intuit Mailchimp vs Software Development Industry Avg (This Year)

Intuit Mailchimp reported 4 incidents this year: 0 cyber attacks, 2 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History — Intuit Mailchimp (X = Date, Y = Severity)

Intuit Mailchimp cyber incidents detection timeline including parent company and subsidiaries

Intuit Mailchimp Company Subsidiaries


Intuit Mailchimp CyberSecurity News

August 01, 2025 07:00 AM
Everest’s Mailchimp hacking claims downplayed

Cybernews reports that widely used email marketing platform Mailchimp was claimed to have been compromised by the Everest ransomware gang,...

July 09, 2025 06:22 AM
How top marketers harness AI from Intuit Mailchimp’s report

Intuit Mailchimp's latest report reveals that 74% of marketers use AI, with top performers leveraging it for predictive analytics campaigns.

June 03, 2025 07:00 AM
Kaseya’s New CEO, Rania Succar, Takes the Reins With Goal of Driving MSP Success

Tech executive Rania Succar, who previously was a business leader at QuickBooks Money and at Intuit Mailchimp, was today named as the new CEO of cybersecurity...

June 03, 2025 07:00 AM
Kaseya Appoints Rania Succar as Chief Executive Officer

PRNewswire/ -- Kaseya, the leading global provider of AI-powered IT management and cybersecurity software, today announced the appointment...

April 14, 2025 07:00 AM
Amazon’s Karthik Sathuragiri joins CrowdStrike

Cybersecurity firm CrowdStrike has appointed Karthik Sathuragiri as director and head of marketing for India and South Asia, according to his LinkedIn profile.

April 03, 2025 07:00 AM
OpenAI just made its first cybersecurity investment

New York-based Adaptive Security has raised a $43 million Series A co-led by OpenAI's startup fund and Andreessen Horowitz, it announced Wednesday.

March 27, 2025 07:00 AM
Security Expert Troy Hunt Falls Victim to Phishing Attack

Even cybersecurity experts aren't immune to sophisticated phishing attacks—just ask Troy Hunt, the creator of "Have I Been Pwned," who...

March 26, 2025 07:00 AM
'Have I Been Pwned' creator falls victim to scam

The Australian cybersecurity expert behind Have I Been Pwned — a prominent website used to track information leaked in data breaches — says...

March 25, 2025 07:00 AM
Have I Been Pwned Creator pwned: even cyber pros fall for phishing attacks

Security expert Troy Hunt falls victim to a sophisticated phishing attack while tired, exposing 16000 email addresses from his Mailchimp...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Intuit Mailchimp CyberSecurity History Information

Official Website of Intuit Mailchimp

The official website of Intuit Mailchimp is http://mailchimp.com.

Intuit Mailchimp’s AI-Generated Cybersecurity Score

According to Rankiteo, Intuit Mailchimp’s AI-generated cybersecurity score is 240, reflecting their Critical security posture.

How many security badges does Intuit Mailchimp have ?

According to Rankiteo, Intuit Mailchimp currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Intuit Mailchimp have SOC 2 Type 1 certification ?

According to Rankiteo, Intuit Mailchimp is not certified under SOC 2 Type 1.

Does Intuit Mailchimp have SOC 2 Type 2 certification ?

According to Rankiteo, Intuit Mailchimp does not hold a SOC 2 Type 2 certification.

Does Intuit Mailchimp comply with GDPR ?

According to Rankiteo, Intuit Mailchimp is not listed as GDPR compliant.

Does Intuit Mailchimp have PCI DSS certification ?

According to Rankiteo, Intuit Mailchimp does not currently maintain PCI DSS compliance.

Does Intuit Mailchimp comply with HIPAA ?

According to Rankiteo, Intuit Mailchimp is not compliant with HIPAA regulations.

Does Intuit Mailchimp have ISO 27001 certification ?

According to Rankiteo, Intuit Mailchimp is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Intuit Mailchimp

Intuit Mailchimp operates primarily in the Software Development industry.

Number of Employees at Intuit Mailchimp

Intuit Mailchimp employs approximately 1,621 people worldwide.

Subsidiaries Owned by Intuit Mailchimp

Intuit Mailchimp presently has no subsidiaries across any sectors.

Intuit Mailchimp’s LinkedIn Followers

Intuit Mailchimp’s official LinkedIn profile has approximately 209,705 followers.

NAICS Classification of Intuit Mailchimp

Intuit Mailchimp is classified under the NAICS code 5112, which corresponds to Software Publishers.

Intuit Mailchimp’s Presence on Crunchbase

No, Intuit Mailchimp does not have a profile on Crunchbase.

Intuit Mailchimp’s Presence on LinkedIn

Yes, Intuit Mailchimp maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/intuitmailchimp.

Cybersecurity Incidents Involving Intuit Mailchimp

As of November 28, 2025, Rankiteo reports that Intuit Mailchimp has experienced 6 cybersecurity incidents.

Number of Peer and Competitor Companies

Intuit Mailchimp has an estimated 26,733 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Intuit Mailchimp ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.

How does Intuit Mailchimp detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures (notifying impacted customers, recommending two-factor authentication), third-party assistance (Cloudflare), containment measures (public disclosure as awareness, password reset), and a communication strategy (transparency via interview with Frontier Enterprise, blog post as personal disclosure).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: MailChimp Data Breach

Description: Email marketing firm MailChimp was targeted by hackers in a data breach incident. The hackers gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. The employees were also targeted in a social engineering attack that resulted in them losing their credential details. These credentials were apparently used to access 319 MailChimp accounts and export audience data from 102 customer accounts and also to access API keys for a number of customers. MailChimp notified all the impacted customers and recommended they enable two-factor authentication on their accounts.

Type: Data Breach

Attack Vector: Social Engineering, Phishing

Vulnerability Exploited: Stolen Credentials

Motivation: Data Theft

Incident : Data Breach

Title: Mailchimp Data Breach

Description: Mailchimp experienced a phishing attack resulting in a data breach that compromised nearly 16,000 records of current and former mailing list subscribers. The phishing attack, targeted at Have I Been Pwned Administrator Troy Hunt, was executed through a malicious email that redirected to a fraudulent phishing site that captured Hunt's credentials. Despite the use of two-factor authentication, the automated nature of the attack allowed for rapid data extraction. Cloudflare has since taken down the phishing site, while the extent of data retention by Mailchimp from unsubscribed users remains unclear.

Type: Data Breach

Attack Vector: Phishing

Vulnerability Exploited: Credential Theft

Incident : Data Breach

Title: Mailchimp Data Breach by Everest Ransomware Group

Description: The Everest ransomware group claimed responsibility for breaching Mailchimp, stealing a 767 MB database containing internal company documents and personal information of clients.

Type: Data Breach

Attack Vector: Ransomware

Threat Actor: Everest Ransomware Group

Motivation: Double Extortion (Encryption and Data Theft)

Incident : Ransomware

Title: Ransomware operators Everest adds Mailchimp to their data leak site

Description: Russian ransomware gang Everest claims to have stolen 767 MB of sensitive data from email marketing giant Mailchimp and threatened to release it if the ransom is not paid.

Type: Ransomware

Attack Vector: Data exfiltration

Threat Actor: Everest

Motivation: Financial gain

Incident : Phishing

Title: Troy Hunt Phishing Incident (Have I Been Pwned Founder)

Description: Troy Hunt, founder of *Have I Been Pwned*, fell victim to a phishing attack in early 2024. The incident underscored the persistent risk of human error in cybersecurity, even among experts. Hunt described the attack as exploiting a moment of vulnerability (jetlag, fatigue, and fear-triggered urgency) to bypass technical controls like password managers and lack of phishing-resistant 2FA (e.g., passkeys). The case highlights gaps in enterprise security policies, particularly around credential reuse, social engineering, and the shared responsibility between technical safeguards and human behavior. Hunt emphasized that organizations often misjudge AI-driven threats (which remain rare compared to traditional attacks like credential stuffing) while overlooking human attack surfaces, such as help desk operators targeted by groups like *Scattered Spider*.

Date Publicly Disclosed: 2024

Type: Phishing

Attack Vector: Email Phishing, Credential Reuse, Lack of Phishing-Resistant 2FA

Vulnerability Exploited: Human Error (Fatigue/Jetlag), Password Manager Bypass, Absence of Passkey Support, URL Spoofing

Motivation: Credential Theft, Account Takeover

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Social Engineering and Phishing Email.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach INT224512522

Data Compromised: Audience data, API keys

Systems Affected: Customer Support Tools, Account Management Tools

Incident : Data Breach INT814032625

Data Compromised: 16,000 records

Incident : Data Breach INT529080125

Data Compromised: Internal company documents, Personal documents and information of clients

Incident : Ransomware INT835080125

Data Compromised: Internal company documents

Brand Reputation Impact: Mockery from the cybersecurity community

Incident : Phishing INT4203942110425

Data Compromised: Personal credentials (Mailchimp account)

Systems Affected: Mailchimp Account

Brand Reputation Impact: Minimal (publicly disclosed as a learning example)

Identity Theft Risk: Potential (if credentials reused elsewhere)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Audience Data, API Keys, Names, Store URLs, Addresses, Email Addresses, Domain Names, Company Emails, Phone Numbers, City and Country Details, GDPR Region Labels, Social Media Links, Information About Hosting Providers, Technology Stacks, Internal Company Documents and Email Credentials.

Which entities were affected by each incident ?

Incident : Data Breach INT224512522

Entity Name: MailChimp

Entity Type: Company

Industry: Email Marketing

Customers Affected: 102

Incident : Data Breach INT814032625

Entity Name: Mailchimp

Entity Type: Email Marketing Service

Industry: Technology

Customers Affected: 16,000 records

Incident : Data Breach INT529080125

Entity Name: Mailchimp

Entity Type: Company

Industry: Marketing Platform

Incident : Ransomware INT835080125

Entity Name: Mailchimp

Entity Type: Company

Industry: Email Marketing

Size: 14 million active users

Incident : Phishing INT4203942110425

Entity Name: Have I Been Pwned

Entity Type: Cybersecurity Service

Industry: Information Technology

Location: Global (Founder based in Australia)

Incident : Phishing INT4203942110425

Entity Name: Troy Hunt (Individual)

Entity Type: Person

Industry: Cybersecurity

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach INT224512522

Remediation Measures: Notified Impacted Customers, Recommended Two-Factor Authentication

Incident : Data Breach INT814032625

Third Party Assistance: Cloudflare.

Incident : Phishing INT4203942110425

Containment Measures: Public Disclosure as Awareness, Password Reset

Communication Strategy: Transparency via Interview (Frontier Enterprise), Blog Post (Personal Disclosure)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Cloudflare.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach INT224512522

Type of Data Compromised: Audience data, API keys

Number of Records Exposed: 102

Incident : Data Breach INT814032625

Number of Records Exposed: 16,000

Incident : Data Breach INT529080125

Type of Data Compromised: Domain names, Company emails, Phone numbers, City and country details, GDPR region labels, Social media links, Information about hosting providers, Technology stacks

Number of Records Exposed: 943536

Sensitivity of Data: Medium

File Types Exposed: spreadsheet-style rows

Incident : Ransomware INT835080125

Type of Data Compromised: Internal company documents

Number of Records Exposed: 943,536 lines

Sensitivity of Data: Sensitive

Data Exfiltration: Yes

Incident : Phishing INT4203942110425

Type of Data Compromised: Email credentials

Number of Records Exposed: 1 (Personal Account)

Sensitivity of Data: Moderate (Potential for Reuse in Other Services)

Personally Identifiable Information: Email Address, Password

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Notified Impacted Customers, Recommended Two-Factor Authentication.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through public disclosure as awareness and password reset.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach INT529080125

Ransomware Strain: Everest

Data Exfiltration: True

Incident : Ransomware INT835080125

Ransomware Strain: Everest

Data Exfiltration: Yes

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Phishing INT4203942110425

Lessons Learned: Human error remains a critical attack vector, even for cybersecurity experts. Technical controls (e.g., phishing-resistant 2FA like passkeys) are essential but often lacking in mainstream services. Organizations must balance AI-driven defenses with human-centric training to mitigate social engineering risks. Transparency in breach disclosure builds trust, though corporate incentives often prioritize shareholder protection over victim support. Credential reuse across personal/corporate accounts creates systemic vulnerabilities.

What recommendations were made to prevent future incidents ?

Incident : Data Breach INT224512522

Recommendations: Enable Two-Factor Authentication

Incident : Phishing INT4203942110425

Recommendations: Implement phishing-resistant 2FA (e.g., passkeys) universally. Enhance password manager integrations to flag suspicious URL changes. Train employees on recognizing social engineering tactics, especially during high-stress scenarios (e.g., travel). Prepare breach disclosure plans proactively, prioritizing victim communication. Monitor dark web for credential dumps linked to corporate domains.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Human error remains a critical attack vector, even for cybersecurity experts. Technical controls (e.g., phishing-resistant 2FA like passkeys) are essential but often lacking in mainstream services. Organizations must balance AI-driven defenses with human-centric training to mitigate social engineering risks. Transparency in breach disclosure builds trust, though corporate incentives often prioritize shareholder protection over victim support. Credential reuse across personal/corporate accounts creates systemic vulnerabilities.

References

Where can I find more information about each incident ?

Incident : Data Breach INT529080125

Source: Hackread.com

Incident : Ransomware INT835080125

Source: vx-underground

Incident : Phishing INT4203942110425

Source: Frontier Enterprise Interview with Troy Hunt

Date Accessed: 2024

Incident : Phishing INT4203942110425

Source: Troy Hunt's Blog (Personal Phishing Incident Disclosure)

Date Accessed: 2024

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Hackread.com, vx-underground, the Frontier Enterprise Interview with Troy Hunt (Date Accessed: 2024), and Troy Hunt's Blog (Personal Phishing Incident Disclosure) (Date Accessed: 2024).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Phishing INT4203942110425

Investigation Status: Disclosed (No Formal Investigation Mentioned)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Transparency Via Interview (Frontier Enterprise) and Blog Post (Personal Disclosure).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Phishing INT4203942110425

Customer Advisories: Public awareness via media interviews and blog posts.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Public awareness via media interviews and blog posts.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach INT224512522

Entry Point: Social Engineering

Incident : Data Breach INT814032625

Entry Point: Phishing Email

High Value Targets: Troy Hunt

Data Sold on Dark Web: Troy Hunt

Incident : Phishing INT4203942110425

Entry Point: Phishing Email

High Value Targets: Mailchimp Account (Potential For Further Exploitation)

Data Sold on Dark Web: Mailchimp Account (Potential For Further Exploitation)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach INT224512522

Root Causes: Stolen Credentials, Social Engineering

Corrective Actions: Enable Two-Factor Authentication

Incident : Phishing INT4203942110425

Root Causes: Lack Of Phishing-Resistant Authentication Methods In Mailchimp; Human Vulnerability (Fatigue, Urgency) Overriding Security Habits; Password Manager Limitations In Detecting Spoofed URLs; Credential Reuse Risk (Personal/Corporate Overlap).

Corrective Actions: Advocacy For Passkey Adoption In Consumer Services; Public Education On Social Engineering Red Flags; Encouraging Organizations To Treat Breaches As Inevitable And Plan Responses.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cloudflare.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enable Two-Factor Authentication; Advocacy For Passkey Adoption In Consumer Services; Public Education On Social Engineering Red Flags; Encouraging Organizations To Treat Breaches As Inevitable And Plan Responses.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Everest Ransomware Group and Everest.

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in 2024.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Audience Data, API Keys, names, store URLs, addresses, email addresses, 16,000 records, internal company documents, personal documents and information of clients, and Personal Credentials (Mailchimp Account).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Customer Support Tools, Account Management Tools, internal customer support and account administration tool, and Mailchimp Account.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Cloudflare.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Public Disclosure as Awareness and Password Reset.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were addresses, store URLs, personal documents and information of clients, 16,000 records, names, internal company documents, Personal Credentials (Mailchimp Account), API Keys, email addresses, and Audience Data.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 961.3K.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Credential reuse across personal/corporate accounts creates systemic vulnerabilities.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Monitor dark web for credential dumps linked to corporate domains. Train employees on recognizing social engineering tactics, especially during high-stress scenarios (e.g., travel). Enable Two-Factor Authentication. Implement phishing-resistant 2FA (e.g., passkeys) universally. Enhance password manager integrations to flag suspicious URL changes. Prepare breach disclosure plans proactively, prioritizing victim communication.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Hackread.com, Troy Hunt's Blog (Personal Phishing Incident Disclosure), vx-underground and Frontier Enterprise Interview with Troy Hunt.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (No Formal Investigation Mentioned).

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was Public awareness via media interviews and blog posts.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Phishing Email and Social Engineering.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were Stolen Credentials and Social Engineering; lack of phishing-resistant authentication methods in Mailchimp; human vulnerability (fatigue, urgency) overriding security habits; password manager limitations in detecting spoofed URLs; and credential reuse risk (personal/corporate overlap).

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were Enable Two-Factor Authentication; advocacy for passkey adoption in consumer services; public education on social engineering red flags; and encouraging organizations to treat breaches as inevitable and plan responses.

Latest Global CVEs (Not Company-Specific)

Description

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.

Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).

Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint.

Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.

Description

Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=intuitmailchimp' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.