Intuit Mailchimp A.I CyberSecurity Scoring
Intuit Mailchimp
Company Information
Website: http://mailchimp.com
Number of employees: 1,605
Number of followers: 210,715
NAICS: 5112
Industry Type: Software Development
Homepage: mailchimp.com
Intuit Mailchimp Risk Score (AI oriented)
Between 0 and 549
Intuit Mailchimp, Software Development
Updated: 30/03/2026
289/1000
Critical
C
Intuit Mailchimp Global Score (TPRM)
Score locked

Intuit Mailchimp: Critical
Current Score: 289 C (CRITICAL), on a scale of 0 to 1000
6 incidents
-220.67 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
320
MAY 2026
305
APRIL 2026
298
MARCH 2026
289
FEBRUARY 2026
277
JANUARY 2026
267
DECEMBER 2025
254
NOVEMBER 2025
292
Breach
04 Nov 2025 • Intuit Mailchimp
Mailchimp
Troy Hunt Phishing Incident (Have I Been Pwned Founder)
231
HIGH-61
INT4203942110425
Troy Hunt, founder of Have I Been Pwned, fell victim to a phishing attack targeting his Mailchimp account earlier this year. The incident occurred due to human error—fatigue, jetlag, and a fear-triggering phishing email—leading him to bypass existing technical safeguards. The attack exploited the absence of phishing-resistant two-factor authentication (2FA), such as passkeys, on Mailchimp’s platform. His password manager failed to auto-complete credentials (a common issue), and he manually entered them on a spoofed login page. The breach underscored systemic vulnerabilities in Mailchimp’s security controls, particularly the reliance on outdated authentication methods and the lack of robust anti-phishing mechanisms. While the article does not specify the exact data compromised, phishing attacks of this nature often target employee or user credentials, which can escalate into broader account takeovers, data leaks, or downstream attacks on connected services. Hunt’s case highlights how even security-conscious individuals can be exploited, emphasizing the need for mandatory phishing-resistant MFA and behavioral AI-driven anomaly detection to mitigate human error. The incident reflects a broader trend where reused credentials (e.g., corporate emails tied to personal accounts) create attack vectors for threat actors, as seen in ransomware and credential-stuffing campaigns.
OCTOBER 2025
290
SEPTEMBER 2025
278
AUGUST 2025
479
Ransomware
01 Aug 2025 • Intuit Mailchimp
Mailchimp
Ransomware operators Everest adds Mailchimp to their data leak site
254
CRITICAL-225
INT835080125
The ransomware group Everest claimed to have stolen 767 MB of sensitive data from email marketing giant Mailchimp. The stolen data includes 943,536 lines of internal company documents, which the group threatened to leak if Mailchimp did not pay a ransom. Despite the claim, the cybersecurity community mocked the size of the data leak, deeming it relatively small for a company of Mailchimp's size. The incident highlights the risks associated with ransomware attacks and the potential exposure of sensitive information.
AUGUST 2025
630
Ransomware
31 Jul 2025 • Intuit Mailchimp
Mailchimp
Mailchimp Data Breach by Everest Ransomware Group
254
CRITICAL-376
INT529080125
The Everest ransomware group claimed responsibility for breaching Mailchimp, a popular marketing platform. The group stole a 767 MB database containing 943,536 lines of data, including internal company documents and personal information of clients. The leaked dataset includes structured business information such as domain names, company emails, phone numbers, city and country details, GDPR region labels, social media links, and information about hosting providers. Many entries also list the technology stacks used by the companies.
JULY 2025
630
MARCH 2025
695
Breach
26 Mar 2025 • Intuit Mailchimp
Mailchimp
Mailchimp Data Breach
618
CRITICAL-77
INT814032625
Mailchimp experienced a phishing attack resulting in a data breach that compromised nearly 16,000 records of current and former mailing list subscribers. The phishing attack, targeted at Have I Been Pwned Administrator Troy Hunt, was executed through a malicious email that redirected to a fraudulent phishing site that captured Hunt's credentials. Despite the use of two-factor authentication, the automated nature of the attack allowed for rapid data extraction. Cloudflare has since taken down the phishing site, while the extent of data retention by Mailchimp from unsubscribed users remains unclear.
JANUARY 2023
712
Breach
01 Jan 2023 • Intuit Mailchimp
Intuit Mailchimp
MailChimp Social Engineering Attack
646
HIGH-66
INT20719123
MailChimp fell victim to a social engineering attack that threat actors successfully performed on the company's employees and contractors.
Hackers managed to obtain employee credentials and gained access to an internal customer support and account administration tool which affected the data of 133 customers.
The information obtained by hackers only includes names, store URLs, addresses, and email addresses, which are still enough for threat actors to launch phishing attacks.
APRIL 2022
765
Breach
01 Apr 2022 • Intuit Mailchimp
Intuit Mailchimp
MailChimp Data Breach
702
CRITICAL-63
INT224512522
Email marketing firm MailChimp was targeted by hackers in a data breach incident.
The hackers gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
The employees were also targeted in a social engineering attack that resulted in them losing their credential details.
These credentials were apparently used to access 319 MailChimp accounts and export audience data from 102 customer accounts and also to access API keys for a number of customers.
MailChimp notified all the impacted customers and recommended they enable two-factor authentication on their accounts.
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for Intuit Mailchimp?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in May 2026?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in April 2026?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in March 2026?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in February 2026?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in January 2026?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in December 2025?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in November 2025?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in October 2025?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in September 2025?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in August 2025?
What was Intuit Mailchimp's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Intuit Mailchimp's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Intuit Mailchimp?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Intuit Mailchimp's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?