CyberSecurity news

jane.mccallion@futurenet.com (Jane@itpro.com)
Infosec veteran Troy Hunt, the creator of HaveIBeenPwned, has been compromised in a Mailchimp phishing attack. The incident resulted in the theft of data belonging to over 16,000 newsletter subscribers. Hunt, who is usually known for helping people check if their credentials have been compromised, unfortunately became a victim himself. The attack highlights how even security experts can fall prey to sophisticated phishing schemes, and Hunt has blogged about the incident, providing details of the phishing email.

The attackers used a well-crafted phishing email designed to create a sense of urgency. It told Hunt that, because of a spam complaint, he could not send updates to his subscribers until he reviewed his account. Hunt entered his credentials and one-time passcode, but quickly realized his error. Although he changed his password, the attackers managed to export the mailing list in under two minutes. The stolen data included records of both active and former email subscribers.


References:
  • bsky.app: Have I Been Pwned creator Troy Hunt says the data of over 16,000 newsletter subscribers has been stolen after he fell for a Mailchimp phishing attack
  • cyberinsider.com: Details the phishing attack on Troy Hunt's Mailchimp account, exposing subscriber data.
  • The Register - Security: Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
  • DataBreaches.Net: Troy Hunt, owner of HaveIBeenPwned.com, writes: You know when you’re really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That’s me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the...
  • PCMag UK security: Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email.
  • Information Security Buzz: Troy Hunt, a security consultant who runs the popular data-breach search service Have I Been Pwned?, has disclosed that he has become a victim of a phishing attack that exposed the email addresses of 16,000 subscribers to his blog troyhunt.com. “Every active subscriber on my list will shortly [...]
  • www.itpro.com: Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
  • www.csoonline.com: Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email
  • www.techradar.com: HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
  • heise Security: Have I Been Pwned: Project operator Troy Hunt pwned. The operator of Have I Been Pwned has himself fallen victim to a phishing attack. The emails of the newsletter mailing list were stolen.
  • Malwarebytes: Security expert Troy Hunt hit by phishing attack
  • bsky.app: Troy Hunt's mailing list got phished. Commiserations to him. If it can happen to Troy, it can probably happen to you.
Classification:
  • HashTags: #Phishing #Mailchimp #TroyHunt
  • Company: Mailchimp
  • Target: Troy Hunt's Subscribers
  • Attacker: Mailchimp Phishers
  • Product: Mailchimp
  • Feature: Credential Theft
  • Type: Phishing
  • Severity: Medium