Hackers continue to exploit hijacked MailChimp accounts in cybercrime campaigns

MailChimp, a service that millions of people around the world use to send out email newsletters, is being abused by hackers to spam out malware.

Read more in my article on the Hot for Security blog.

MailChimp plugs a hole that could have leaked your email address

MailChimp has been leaking subscribers’ email addresses. But it’s not the biggest leak ever, and certainly not the most practical to exploit at a large scale.

Smashing Security podcast #050: MailChimp, Piers Morgan, and the Dark Overlord

There’s little time to celebrate our 50th episode, because there are rants to be had about MailChimp’s switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

I can no longer recommend MailChimp

MailChimp doesn’t seem to think double opt-in is a good idea for mailing lists anymore.

So, just how were those MailChimp accounts hacked?

A database containing over 2,000 MailChimp passwords has been found online.

MailChimp wasn’t hacked. Instead, the password-stealing Vawtrak malware might be to blame.

MailChimp accounts hacked to spam out malicious emails

Hackers broke into the MailChimp accounts of some businesses, and send out malicious invoice emails to subscribers… but that doesn’t mean that MailChimp suffered a serious security breach.

Once again, two-factor authentication could have saved users’ bacon.

Read more in my article on the We Live Security blog.

MailChimp tightens up security – will other email marketing services follow suit?

In the wake of the Epsilon megaleak, MailChimp introduces new features to help protect users’ mailing lists from being exploited by hackers.