Graham Cluley writes:
As I described yesterday in an article on the We Live Security blog, some MailChimp customers had their accounts hijacked, with the end result that their newsletter subscribers received a malicious email.
[…]A security researcher, who chooses to remain anonymous, contacted me telling me that he had a database of over 2,000 MailChimp usernames and passwords. The data was not sourced via a breach at MailChimp itself, but was a small part of a much larger data haul collected by the Vawtrak password-stealing trojan.
Read more on GrahamCluley.com.