Hackers say they attacked Mailchimp and stole user data - and the community laughed it off
Stolen "MailChimp" haul described as, "a droplet in the sea"

- Ransomware operator Everest adds Mailchimp to its data leak site
- They claimed to have stolen 767 MB of sensitive data
- The community mocked the size of the archive
Russian ransomware gang Everest says it recently broke into email marketing giant Mailchimp, left samples on its dark web site, and gave the company a few days to step up and pay, or face the consequences. But instead of causing a stir, the group became the laughing stock of the cybersecurity community.
Mailchimp is one of the most popular platforms in its industry, with more than 14 million active users, so when cybercriminals break in and steal data, the community expects a large database with plenty of juicy intel inside.
Everest, however, exfiltrated “only” 767MB of information, which includes 943,536 lines and apparently includes “Internal company documents”.
"Remarkably small"
“The leak of your internal company documents contains a huge variety of personal documents and information of clients,” Everest apparently said on its data leak site.
The news was picked up by the malware repository “vx-underground” which, on X, said the database seemed, “remarkably small for a vendor as large and widespread as MailChimp.”
Others quickly chimed in, sharing a similar sentiment: “Like one customer,” one person said. “That’s probably 300 milliseconds worth of mailchimp data. Likely a client of a client’s emails were leaked,” another one added.
Everest is not a state-sponsored group, but since its members speak Russian, security researchers believe the group is also located in Russia.
It has been active since 2020, beginning as a data-extortion actor and later evolving into a full ransomware operation. Over time, it has also shifted somewhat toward acting as an Initial Access Broker (IAB), selling access to compromised networks to other criminal gangs rather than executing ransomware itself.
It has claimed hundreds of victims so far, including heavyweights such as AT&T, multiple South American governments, Coca‑Cola’s Middle East wing, Crumbl Cookies, Mediclinic hospitals, and Saudi conglomerate Rezayat Group.
Via Cybernews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.