We take account security seriously at Mailchimp. If you're concerned your account may be compromised, or is under threat of being compromised, it’s best to act quickly, and we can help.
In this article, you’ll learn what to do if you think your account has been compromised.
How do I know if my account is compromised?
Here are some common indicators that an account may have been compromised.
An increased number of contacts in your audience are reporting they have received spam from you.
You see an error message that says the account does not exist when you attempt to log in.
You received an unexpected email from Mailchimp staff or service teams. This may include username or password reset emails you didn’t request.
If you can’t log in to your account, here are some possible reasons.
It’s possible that a Mailchimp customer with a similar username may request a password change and mistakenly type in your username. Don’t worry! They won’t be able to change your password or view your account. Only you will receive the password reset request email.
Double-check that you’re typing in the correct username and password. If multiple users on the account share login credentials, another user might have changed the username, password, or both. Check with your account users to see if they’ve changed any account settings recently.
How compromises may occur
Here are two ways account compromises normally happen.
The most common scenario is that a former employee or business partner had access to your Mailchimp account and tried to undermine or disrupt access to your account. This usually gets resolved legally in court. If you need to contact our General Counsel or send court orders to preserve account data for your case, use this form.
Your computer could be infected with malware that logs everything you type. All your passwords, including your Mailchimp password, can be stolen by the hacker and re-sold to people who want access to organizations' email marketing accounts so they can send emails from your account.
Protect a compromised account
If you believe your account has been compromised, send us an email from a secure email address and let us know what’s going on. We’ll turn off login and send capabilities on the Mailchimp account, just until you can reset your data.
Once you're able to log in, you'll reset this information in your account.
If your Mailchimp account has been stolen, the last thing you're probably thinking about is Mailchimp fees. But rest assured, you won't be charged for any campaigns sent while your account was stolen.
We're Here to Help
If you have questions about your account, contact our support team.