The important thing to realize about the (recently) reported data breach at email newsletter service Mailchimp is that it wasn’t just Mailchimp’s customer data at risk.

Even if you’re not personally a Mailchimp customer, never heard of You may be affected by Mailchimp.

Customers of sportsbook and betting website FanDuel should be starting to notice this, as they received warnings earlier this month that their names and email addresses had been exposed.

Part of an email sent to you by FanDuel
Part of an email sent to you by FanDuel

Part of the email looks like this:

We recently received reports from a third-party technology vendor that sends transactional emails on behalf of clients like FanDuel that a security breach had occurred within their system, affecting multiple clients. On Sunday evening, the vendor confirmed that FanDuel’s customer name and her email address had been obtained by unauthorized actors. No customer passwords, financial account information, or other personal information was obtained in this incident.

While no personal information other than your name and email address was involved, we encourage all customers to take 4 important steps to protect their FanDuel account and keep them playing safely and securely. Recommended.

Claiming FanDuel was hacked is not accurate. Instead, FanDuel, like many other companies, outsourced newsletter management to Mailchimp. In other words, FanDuel was responsible for handling the newsletter’s subscriber database and sending emails to Mailchimp on their behalf.

If Mailchimp is sending emails properly, this is all fine and dandy. Securing Details of those subscribers.

Unfortunately Mailchimp didn’t do that (and not the first time…).

As such, FanDuel found themselves in the embarrassing position of contacting customers exposed by the compromise and warning them about their names and email addresses, even though their passwords, financial information, etc. were not exposed. that is It is now in the hands of cyber criminals.

And, if necessary, these criminals can craft compelling phishing emails to trick unsuspecting users into revealing passwords and other details.

e-mailsign up for newsletter
Security news, advice and tips.

We encourage FanDuel customers to exercise caution. Enable two-factor authentication (2FA) on your FanDuel account.

I think FanDuel and other companies affected by the Mailchimp data breach are pretty upset about their reputation being damaged by Mailchimp’s lax security.

Notifications to affected customers were like FanDuel, not to mention Mailchimp was the company that let the side down.

but, was mail chimp.

So now you know

Did you find this article interesting? Follow Graham Cluley on Twitter Also Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst, makes regular media appearances and gives international lectures on computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog