Breach Database / Troy Hunt's Mailchimp List
Yes — Troy Hunt's Mailchimp List was breached.
- 16,627 accounts affected
- Breach occurred 2025-03-25 · troyhunt.com
- Verified entry in the Have I Been Pwned catalog
What happened
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
What data was exposed
- Email addresses
- Geographic locations
- IP addresses
- Latitude and longitude pairs
What to do right now
- Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
- Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
- Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.
Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.