Jul 12, 2012

Yahoo Breach Announcement

Yahoo announced last night that one of their services suffered a data breach.

From the NYTimes: Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users

About 400,000 usernames and passwords were posted to the public by hackers.

What’s this have to do with MailChimp?

And since people tend to re-use their passwords at different websites and services, this problem could extend beyond Yahoo. It’s customary in these situations for us to compare the publicized usernames and passwords with our own users’ accounts, to see if anybody might be re-using the same username and password in MailChimp. So that’s what we did, and we found about 2,000 people who re-used their Yahoo usernames and passwords in MailChimp. An email has been sent to those users.

For security, we’ve suspended those accounts. If you see a strange message on your login screen that says your account has been set to "cannot send" mode, please contact our support team to get your account back online.

If you’re one of those users we had to suspend, sorry for the inconvenience (better safe than sorry when it comes to your email lists). If all this gives you the heebie-jeebies, that’s perfectly normal. Scary stuff out there. If you’re curious, here are some security measures we take, and some security features you can activate to protect your MailChimp account.