VA Directory

VA Directory - Connecting clients with Virtual Assistants


MailChimp account hacked

This happened to a client of mine late last year and it was a challenging thing to get sorted and MailChimp people were wonderful, helping us through this.

What happened? Someone accessed her account, uploaded over a million addresses and started to send out phishing email saying that payment was due on an invoice and the recipient’s credit card was going to be charged. People began emailing and ringing my client, anxious that she was going to charge their accounts for a large sum. Some were rude, many unsubscribed, and when I became aware of it I could see that emails were still going out via MailChimp. I halted it and contacted MailChimp support for help.

My poor client refused to answer the phone after some time – it was getting too overwhelming. Some of her clients contacted me because they wanted to know what was going on and couldn’t get hold of her. It was a real dilemma and challenge for my client, and for MailChimp too. Further, my client was billed a huge amount by MailChimp because of the huge addition to her mailing list.

What could have been done to prevent this activity? I believe there are a few things here that could have saved my client some grief and wasted time too, not to mention the loss of some of her subscriber list and people getting angry for something she didn’t do.

  • My client has had a multitude of people doing things for her over the years, often with the same password. If you are someone who uses VAs to support you, or you’re a VA taking over from someone else, I urge you to create a new password immediately. Whether it was someone who previously worked with her, or someone who had access to login details from a former worker, we have no way of knowing, but clearly changing it to a strong password would have helped in this regard.
  • I was very amazed that MailChimp had allowed a very large list to be uploaded to an account without having some sort of alarm system or alert in place – even if it’s to contact the client direct (not via the MailChimp system) to make sure that the activity was genuine. Perhaps they could have a payment system or something in place for increments of a list when it’s clear that a very large list is being uploaded.
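The alert suggested in the second point can be sketched as a rule over account audit events: flag an import that is large relative to the existing list, and hold any send that follows it until the owner confirms by another channel. This is an added example, not code from the original post or from MailChimp; the event fields, thresholds and sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events for one account (hypothetical format, not a
# real MailChimp log): two routine events, then a bulk import and a send.
EVENTS = [
    {"ts": "2024-11-01T09:00", "type": "import", "added": 40},
    {"ts": "2024-11-08T10:15", "type": "send", "recipients": 2540},
    {"ts": "2024-11-20T02:10", "type": "import", "added": 1_000_000},
    {"ts": "2024-11-20T02:25", "type": "send", "recipients": 1_002_540},
]


def review_events(events, list_size, max_growth=0.5, min_added=1000,
                  hold_window=timedelta(hours=24)):
    """Return findings as (timestamp, kind, detail) tuples.

    An import is flagged when it adds at least `min_added` addresses AND
    grows the list by more than `max_growth` (0.5 = 50%). Any send inside
    `hold_window` after a flagged import is reported as blocked, pending
    confirmation from the account owner outside the mailing platform.
    """
    findings = []
    held_until = None
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "import":
            added = ev["added"]
            growth = added / max(list_size, 1)  # avoid dividing by zero
            if added >= min_added and growth > max_growth:
                held_until = ts + hold_window
                findings.append((ev["ts"], "bulk_import",
                                 f"+{added} addresses, {growth:.0%} growth"))
            list_size += added
        elif ev["type"] == "send" and held_until and ts <= held_until:
            findings.append((ev["ts"], "send_blocked",
                             f"{ev['recipients']} recipients held for review"))
    return findings


if __name__ == "__main__":
    # Assumed starting list of 2,500 subscribers.
    for finding in review_events(EVENTS, list_size=2500):
        print(*finding, sep=" | ")
```

The small weekly import passes without a finding, while the million-address import and the send fifteen minutes later are both reported.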

Once MailChimp was aware that my client and I weren’t the ones uploading the list or sending out the phishing email, they halted the process, but it took several days before they could clean the account back to what it was and let my client have access again. In the meantime she couldn’t send a broadcast email to the remainder of her active list advising what had happened. All she could do was wait, as she didn’t have a backup copy of her list on her computer either. It was one of the first things we did when she could log in again.

Once my client had regained access to her MailChimp account, an email was sent out with an apology and assuring all her subscriber list that she didn’t have their credit card details and certainly had no reason to be invoicing them or charging them for anything.

I believe it’s important for us, as VAs, to protect our clients’ accounts and keep things as safe as possible. Alert them to possible problems, advise them that you feel passwords should be changed. I had mentioned before how important it was and this very happening was timely, but costly, for my client’s business. Consequently passwords for everything got changed thereafter.

Make sure you don’t use easy passwords either. Family names, birth dates, postal codes and places of living or birth are out. You can use an online password generator but then have to remember what the different passwords are. I often find using a six-letter word, split in half, with the initials of the account, MC for MailChimp, for example, plus some symbols and numbers inserted in the middle and around the word, is a good way to remember passwords while making them at least 10 characters long and stronger.

Kathie Thomas

Kathie is the former owner of VA Directory and is former past President of the Australian VA Association. She founded the Virtual Assistant industry in Australia in the mid 90s, having already been operating a home-based secretarial service. Today the VA industry covers a multitude of office-based services for clients worldwide.


About

Proudly run and owned by Anita Kilkenny

 

VA Directory was established in March 1994 by Kathie M. Thomas.


Connect With Us

VA Directory
PO Box 5305
Mordialloc, Vic, 3195, Australia


Please note: Anyone scraping contact details from our site for the purposes of spamming, adding to lists, etc, will be reported.

Copyright © 2025 · Enterprise Pro on Genesis Framework · WordPress · Log in