• Resolved jaredths

    (@jaredths)


    Installed the plug-in last week and the next day my account was compromised and contact list data stolen via an IP address in Amsterdam.

    May just be a coincidence, but wanted to bring this to your attention, as all computers used here have been scanned as clean using Sophos, and given you are based in the Netherlands it just looks bad.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Danny van Kooten

    (@dvankooten)

    Hi Jared,

    Whoa. I’m sorry to hear that. That definitely looks bad, but rest assured, we have nothing to do with this. There is no communication between the plugin and any of our servers; otherwise our plugin wouldn’t even be allowed to exist on the WordPress.org plugin repository.

    If you’re on our premium plugin then there is some communication for receiving plugin updates, but we obviously do not include your API key in these requests. So even if our servers were compromised, there is no way of us gaining access to your account.

    What exactly happened, did someone gain access to your MailChimp account through their API? If so, MailChimp’s API log will show you that.

    Would you like to talk to us in more detail over email? I’d love to go over the details with you so we can look into what happened exactly.

    Thread Starter jaredths

    (@jaredths)

    Hi Danny,

    Further update to our hacking incident and also an apology.

    Yes, the source of the breach and the timing was purely a coincidence and obviously zero issues with the security or protection of your plug-in.

    We tracked down the breach with the help of MailChimp to a very authentic-looking phishing email that one of my co-workers inadvertently clicked through to and entered our details on a spoofed login page.

    Just wanted to update you and ensure that there is no implication that your plug-in could be involved.

    Regards, Jared

  • The topic ‘MailChimp Hacked 24 hours after install’ is closed to new replies.