We take account security seriously at Mailchimp. If you're concerned your account may be compromised, or is under threat of being compromised, it’s best to act quickly. This can be a scary situation, but we can help.
In this article, you’ll learn what to do if you think your account has been compromised.
How Do I know If My Account Is Compromised?
Here are some common indicators that an account may have been compromised.
- You think your list has been stolen.
- You see an increase of contacts on your list reporting they have received spam from you.
- When you attempt to log in, you see an error message that says the account does not exist.
- You received an unexpected email from Mailchimp staff or service teams. This may include forgot username emails or password reset emails you didn’t request.
It’s possible that a Mailchimp customer with a similar username may request a password change and mistakenly type in your username. Don’t worry! They won’t be able to change your password or view your account. Only you will receive the password reset request email.
If you can't log in to your account, double-check that you’re typing in the correct username and password. It’s possible that if multiple users on the account share login credentials, another user might have changed the username, password, or both. Check with your account users to see if they’ve changed any account settings recently.
Reasons This May Have Happened
There are two ways account compromises normally happen.
The most common scenario is a former employee or business partner had access to your Mailchimp account and tried to undermine or disrupt access to your account. As you can imagine, this scenario usually gets resolved in court. If you need to contact our General Counsel or to send court orders preserving account data for your case, use this form.
It’s also possible your computer has been infected with malware that logs everything you type. All your passwords, including your Mailchimp password, can be stolen by the hacker and re-sold to people who want access to organizations' email marketing accounts so they can take your information or send emails from your account.
Protect a Compromised Account
If you believe your account has been compromised, send us an email from a secure email address and let us know what’s going on. We’ll turn off login and send capabilities on the Mailchimp account, just until you can reset your data.
Then, when you’re able to log in, you’ll reset this information in your account:
After you’ve changed your information, delete any active API keys and recreate new keys.
Charges for Stolen Accounts
If your Mailchimp account has been stolen, the last thing you're probably thinking about are Mailchimp fees. But rest assured, you won't be charged for any campaigns sent by the person who broke into your account.