Last week’s MailChimp hack and subsequent malicious still not sufficiently explained… I’ll wager the RCA (if one was accomplished) points to deeper process issues than meets casual inspection. Perhaps stronger customer guidance on information security matters is in order (if, in fact, the cause was customer exploitation, rather than in-built flaws in the MailChimp infrastructure). In any case, you be the judge.
"A MailChimp spokesperson confirmed that it had reset passwords on the accounts included in the data dump": "Our team has obtained the data from the security researcher. They’ve validated usernames with our user base, and have forced password resets on the affected users." – via the inimitable Graham Cluley at grahamcluley.com
Source: Security Bloggers Network @ November 28, 2016 at 02:36PM