A Sneaky Phish Just Grabbed my Mailchimp Mailing List

Troy Hunt recounts being phished via a Mailchimp lookalike site that harvested his credentials and one-time password, enabling an automated export of approximately 16,000 subscriber records (including unsubscribed addresses). He documents alerts showing the login and export from another IP, the creation and deletion of an API key, coordination with Mailchimp to restore and secure the account, the limitations of OTP-based 2FA against relay phishing, concerns about retained unsubscribed addresses, and follow-up investigation including possible links to the Scattered Spider group.