Even the Experts Slip Up: Creator of “Have I Been Pwned” Falls for Phishing Scam

It happened to one of the most respected figures in cybersecurity—Troy Hunt, founder of the popular data breach notification service Have I Been Pwned, recently shared that he was caught off guard by a phishing email.

While traveling and feeling the effects of jet lag, Troy received what looked like a legitimate email from Mailchimp, the platform he uses to send his blog updates. The email claimed there was a spam complaint against his account and prompted him to log in to resolve the issue. The email looked convincing. And in a moment of lowered alertness, he entered his login credentials and a one-time password on a fake website.

Just like that, the attackers had access to his Mailchimp account and exported the email addresses of roughly 16,000 subscribers—both current and former. Fortunately, no actual emails were sent from his account before he caught the breach and locked it down.

Troy was quick to share the experience publicly, not just to warn others, but to highlight that phishing can fool even the most security-savvy among us.


What We Can All Learn From This

Phishing scams are designed to trick us when we’re tired, distracted, or stressed—which is exactly why they work. Here are a few simple reminders:

  • Pause before you click. If an email pressures you to act fast or threatens account issues, take a breath and double-check before responding.
  • Verify through other channels. Don’t use the links in a suspicious email—go directly to the website or app instead.
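  • Strengthen your login security. Two-factor authentication helps, but as this incident shows, a one-time password typed into a fake website ends up in the attacker's hands. Phishing-resistant methods like passkeys or hardware tokens add even stronger protection.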
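
To illustrate the last reminder, here is an added example (not code from Troy Hunt's write-up or from Spybot) contrasting a one-time password, which the server accepts no matter where it was typed, with the origin check behind passkeys and hardware tokens. It assumes a time-based OTP and a simplified WebAuthn assertion; the domains, the secret and all function names are constructed for the illustration.

```python
import hashlib, hmac, json, struct

RP_ID = "mail.example"                     # constructed relying-party ID
REAL_ORIGIN = "https://mail.example"       # constructed genuine login origin
FAKE_ORIGIN = "https://mail-example.test"  # constructed look-alike origin

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_otp(secret: bytes, submitted: str, now: int) -> bool:
    # The code says nothing about which site the user typed it into.
    return hmac.compare_digest(totp(secret, now), submitted)

def browser_assertion(page_origin: str) -> dict:
    """Simplified model of the fields the browser, not the page, fills in."""
    host = page_origin.split("://", 1)[1]
    client_data = {"type": "webauthn.get", "origin": page_origin}
    return {"clientDataJSON": json.dumps(client_data).encode(),
            "rpIdHash": hashlib.sha256(host.encode()).digest()}

def server_accepts_assertion(assertion: dict) -> bool:
    # A real relying party also verifies the authenticator's signature over
    # these fields, so a relay cannot rewrite them; that step is omitted here.
    data = json.loads(assertion["clientDataJSON"])
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    return (data.get("type") == "webauthn.get"
            and data.get("origin") == REAL_ORIGIN
            and hmac.compare_digest(assertion["rpIdHash"], expected_hash))

def demo() -> dict:
    secret, now = b"constructed-shared-secret", 1_700_000_000
    typed_on_fake_site = totp(secret, now)  # user reads the code from their app
    return {
        "relayed_otp_accepted": server_accepts_otp(secret, typed_on_fake_site, now),
        "lookalike_assertion_accepted": server_accepts_assertion(browser_assertion(FAKE_ORIGIN)),
        "genuine_assertion_accepted": server_accepts_assertion(browser_assertion(REAL_ORIGIN)),
    }

if __name__ == "__main__":
    for outcome, accepted in demo().items():
        print(f"{outcome}: {accepted}")
```

The one-time password passes because it is only a number, while the assertion made on the look-alike page is rejected because the browser recorded that page's own origin.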

Our Mission: Making Security Accessible

At Spybot, we build tools to help protect people from threats just like this. But tools are only part of the equation—awareness and community matter just as much. Stories like this one remind us all that staying safe online isn’t about being perfect; it’s about staying informed, building habits, and looking out for each other.

Thanks to Troy Hunt for sharing openly and helping all of us learn from his experience.

Stay safe out there,
Team Spybot