I realized I sent this to Paul, but forgot to CC the list. So I’m sending this again.
Hi Paul (et al),

Thank you for mentioning this. In the interest of being transparent, and because the folks here are more savvy about these types of issues: our anti-abuse team has been tracking a group of malicious actors who are using Mandrill user account credentials that were collected from outside of our systems to send the phishing mail you saw. The current batch of compromised accounts has been suspended until credentials are changed and secured, and we are monitoring for further cases. We are also proactively forcing password resets on any targeted Mailchimp users to ensure that these bad actors can't gain access to the targeted victims. So don't be surprised if you need to reset your password for your Mailchimp account, Paul.

For the emails that used our click tracking, we are breaking the 302 redirects on our end, so that if a link is clicked it will error. But many that were sent aren't using our click tracking, and so we don't have control over those links. For the cases where the phishing domain is a cousin domain of Mailchimp, our legal team is also issuing takedowns with the web hosts.

Unfortunately, some mail is still able to slip through the net. We are also unable to identify these compromised accounts before the malicious mail is sent, because the Mandrill account credentials are being harvested from sources outside of our systems, so we have no insight into vulnerable accounts until there is abuse. Generally speaking, we advise all users to secure their passwords and API keys, but sometimes mistakes are made, like posting an API key in a publicly shared GitHub repo.

I understand how frustrating this can be for those of you who have received one of these emails, and I personally thank you for keeping those tinfoil hats on tight.

Thanks,
Matt Gilbert
--
Deliverability Engineer | Mailchimp
delivery.mailchimp.com
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
