Mailchimp 'fesses up to second digital burglary in five months

Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack. This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a …

  1. getHandle

    Wait, what?

    Mailchimp is a legit company? I used to get so much junk from them that I assumed they were spammers. Not so much recently, though.

    1. Joe W Silver badge

      Re: Wait, what?

      Maybe somebody who got too much spam from them broke in and switched that off?

  2. The Oncoming Scorn Silver badge

    It's Time

    To talk to the organ grinders, not the monkeys

    1. David 132 Silver badge

      Re: It's Time

      Grinding their organs seems a bit harsh, but it's a deterrent I suppose...

  3. ElRegioLPL

    No idea how Mailchimp remain the leader in this field. Their platform is too clunky and their prices... well. The less said the better, but there's a reason they got sold off for $12 billion.

    1. Anonymous Coward

      Customers love the visibility their dashboard provides over outbound email.

      It's also a lot less complicated / troublesome to work with than say Amazon SES.

      If you get blocked for an unknown reason on SES it takes a huge amount of effort and time to get unblocked, at least a week, whereas with Mailchimp, you can resolve the problem quite quickly!

      I migrated a client away from Amazon SES to Mailchimp, specifically for website integration (password resets, activations etc) and the difference to the customer is night and day.

      I don't particularly like Mailchimp, but if you want a customer off your back for email monitoring and so on, it's the way to go.

  4. Anonymous Coward

    I was told to switch a system I worked on from using SparkPost to MailChimp after we were acquired by another company. Oh dear.

    SparkPost has a great API that's well documented, and their system is very reliable. Whereas MailChimp (or MailGimp as I soon christened it) has an appalling API with poor documentation that includes arbitrary limits that you only find out by trial and error - such as limits on batch size for example.

    They also have a terrible way of managing recipient lists that decides perfectly valid email addresses are invalid as far as it's concerned. This will happen in bulk uploads of recipients, but the whole batch fails with cryptic errors.

    And the icing on the cake is they're ridiculously expensive for anything but the lowest volumes.

    1. Anonymous Coward

      Yeah, but getting your head around a dodgy API is a problem you only have once, because once you have figured it out, it's done. Customer visibility and monitoring of the mail queue is something that happens it needs to be solid for an easy life.

      I'd rather deal with a tricky API than use a platform that a customer struggles to gain visibility least if the customers have excellent visibility they aren't climbing up your ass to chase red herrings around...

      Never pick a solution that trades off your customer's experience for your own. Because ultimately it will bite you in the ass and picking something the customer can interact with and gain decent visibility through will give you an easier life in the long run.

    2. Anonymous Coward

      Traditionally, if you wanted cheap, you'd build your own POSTFIX server, deal with the DKIM, SPF, reverse DNS and IP trust scores yourself...which entails monitoring your domain and IP reputation and keeping a spare IP or two just in case you have to switch over if one IP gets "blown out" this situation, if the customer is saving money, it's probably at your expense.


      Your customer spends a little more, gets a very nice dashboard that they can monitor themselves, which keeps them off your back and all the reputational stuff is handled by a third party.

      Personally, I hate fucking around with gets more painful as time goes on...I'd rather set it and forget it and let someone else monitor it and deal with the "what does this error code mean?" occasional question.

      Yes, you can bill a couple of extra hours to set up the POSTFIX box, but is it worth it for you in the long run? Probably not.

  5. Claptrap314 Silver badge

    "security of users' data, seriously."

    Slight transcription error, there. I expect the situation makes more sense to the author now.

  6. Alistair


    Essentially oiled Himalayan Salt mail, or a Gwyn Paltrow subsidiary?
