Sure -- AFAIK the problem was that Mailchimp was hacked, and the hacker was able... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		l_t on Jan 5, 2018 \| parent \| context \| favorite \| on: Mailgun Security Incident and Important Customer I... Sure -- AFAIK the problem was that Mailchimp was hacked, and the hacker was able to see and intercept the password reset links being sent to the customer by looking at Mailchimp log data. This option indicates that links should not be stored in log data, so even if an attacker has compromised your Mandrill account, they should be unable to see the exact reset links that are being sent. edit: worth noting that there are obviously other ways a hacked Mandrill/Mailchimp account could be abused. This just shuts down one of the major abuses you could perform.

pilsetnieks on Jan 6, 2018 | [–]

Mailgun, not Mailchimp.

Those are two entirely separate companies (unlike Mandrill and Mailchimp which is the same company.)

linkmotif on Jan 5, 2018 | [–]

Thanks. I did indeed miss critical parts of the post. I will review again.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact