Humans aren’t infallible, as much as we’d like to be. That includes security experts, as Troy Hunt revealed yesterday. Turns out, the legend behind HaveIBeenPwned (a site that lets you see which data breaches you’ve been in) got phished when trying to log into Mailchimp.
In a post titled “A Sneaky Phish Just Grabbed my Mailchimp Mailing List,” Hunt runs down the situation, starting with how it began (jet lag and fatigue while traveling) and how it ended (the phisher capturing his credentials, logging in, and then exporting all 16,000 email addresses associated with his newsletter). If you’ve been affected, Hunt has already loaded those email addresses into the HaveIBeenPwned database. The list includes people who already unsubscribed from the newsletter—Mailchimp does not delete the