Troy Hunt Says A Phishing Attack Led To Threat Actors Stealing The Email Addresses Of 16K Subscribers

Have I Been Pwned’s creator Troy Hunt has disclosed that phishers compromised his Mailchimp account, exfiltrating the mailing list for his blog and exposing the email addresses of 16,000 subscribers. He posted the details here:

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

It’s never a good day when the guy who lets you know if you’ve been pwned or not gets pwned. Anyway, Erich Kron, security awareness advocate at KnowBe4, commented:

“This is an example of how even a seasoned professional can fall victim to a well-done phishing attack. Social engineering is largely getting the right message to the right person at the right time, and that combination can lead to unfortunate situations such as this. This is one reason we should avoid shaming users who have made a mistake and potentially clicked on a link or performed some other action. Organizations should work toward a security culture that celebrates reporting and a way to receive guidance on something that may seem odd or out of place, without worrying about being made to feel bad about an inquiry.

Fortunately, in this case there was not a lot of information available, and Mr. Hunt deserves kudos for speaking about it publicly, admitting his error and using this to help educate others.”

This should highlight the fact that we are all vulnerable to phishing, social engineering, or any number of other attacks. Every one of us therefore needs to stay on guard and do everything we can to avoid becoming a victim.
