It finally happened - I got phished. Impact is limited to the Mailchimp mailing list for my blog, brief blog post with details here and more to come later: troyhunt.com/a-sneaky-phish-ju…
A Sneaky Phish Just Grabbed my Mailchimp Mailing List
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into m…
Troy Hunt
9x0rg
in reply to Troy Hunt
Argh, sorry for you!
Interesting point:
> The export also includes [the email address of] people who've unsubscribed.
Curious to know what Mailchimp has to say about it.
Troed Sångberg
in reply to Troy Hunt
I have to admit not knowing how passkeys protect against this. I've been under the impression that a password manager and passkeys have the same security.
(And yes, I agree - it's a problem sites use so many different authentication endpoints that we're used to our password managers not being able to autofill!)
Jeremy Baumgartner
in reply to Troy Hunt
Thank you for the writeup.
This just goes to show that ANYONE can be targeted and compromised.
It's not if, it's when. We need to plan accordingly.