Hi Jared,
Whoa. I’m sorry to hear that. That definitely looks bad but rest assured, we have nothing to do with this. There is no communication between the plugin and any of our servers otherwise our plugin wouldn’t even be allowed to exist on the WordPress.org plugin repository.
If you’re on our premium plugin then there is some communication for receiving plugin updates, but we obviously do not include your API key in these requests. So even if our servers were compromised, there is no way of us gaining access to your account.
What exactly happened, did someone gain access to your MailChimp account through their API? If so, MailChimp’s API log will show you that.
Would you like to talk to us in more detail over email? I’d love to go over the details with you so we can look into what happened exactly.
Hi Danny,
Further update to our hacking incident and also an apology.
Yes, the source of the breach and the timing was purely a coincidence and obviously zero issues with the security or protection of your Plug-in.
We tracked down the breach with the help of Mail Chimp to a very authentic looking phishing email that one of my co-workers inadvertently clicked through to and entered our details on a spoofed login page.
Just wanted to update you and ensure that there is no implication that your plug-in could be involved.
Regards, Jared
-
This reply was modified 6 years, 8 months ago by jaredths.