MailChimp, a service that millions of people around the world use to send out email newsletters, is being abused by hackers to spam out malware.
Read more in my article on the Hot for Security blog.
MailChimp has been leaking subscribers’ email addresses. But it’s not the biggest leak ever, and certainly not the most practical to exploit at a large scale.
There’s little time to celebrate our 50th episode, because there are rants to be had about MailChimp’s switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
MailChimp doesn’t seem to think double opt-in is a good idea for mailing lists anymore.
A database containing over 2,000 MailChimp passwords has been found online.
MailChimp wasn’t hacked. Instead, the password-stealing Vawtrak malware might be to blame.
Hackers broke into the MailChimp accounts of some businesses, and sent out malicious invoice emails to subscribers… but that doesn’t mean that MailChimp suffered a serious security breach.
Once again, two-factor authentication could have saved users’ bacon.
Read more in my article on the We Live Security blog.
In the wake of the Epsilon megaleak, MailChimp introduces new features to help protect users’ mailing lists from being exploited by hackers.