16,000 stolen records pertain to former and active mail subscribers
March 25, 2025 By Connor Jones
Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.
He said the list comprises around 16,000 records and every active subscriber will be receiving a notification and apology email soon. Around half of these records (7,535), however, pertain to individuals who had unsubscribed from the list.
Hunt questioned why Mailchimp retained data on unsubscribed users and said he would investigate whether it was a configuration issue on his end. The Register has asked Mailchimp for comment.
A jet-lagged Hunt offered his apologies to those affected, saying he's "enormously frustrated with myself for having fallen for this."
The phish itself, he said, was "very well crafted," although he admitted his tiredness played a huge role in its success.