Anyone Can Get Phished

Recent news brought this topic close to home: Troy Hunt, a renowned security expert and the creator of Have I Been Pwned (HIBP), recently shared that he fell victim to a sneaky phishing attack targeting his Mailchimp account.

Troy received an email that looked like it was from Mailchimp, claiming there was a spam complaint and that he needed to log in to resolve it. Being tired and a bit jet-lagged, he clicked the link and entered his credentials — only to realize moments later it was a fake site. The attackers immediately used this access to export his blog’s mailing list, containing around 16,000 records.

These attacks are becoming increasingly sophisticated, using social engineering to play on our emotions — fear, urgency — and even the most security-savvy among us can have a moment of weakness when tired or distracted.

What Stood Out: Radical Transparency

What was truly remarkable was Troy’s immediate and open disclosure. He published a detailed blog post just 34 minutes after realizing what had happened, explaining exactly how he was tricked. That kind of openness helps us all learn and become more aware of the threats we face online.

Even someone as security-savvy as Troy Hunt can have a moment of weakness. That’s the point.

The Takeaway

Always double-check links. If something feels off — even slightly — it probably is. And when a phishing attack succeeds despite vigilance, the best response is transparency, not silence.

Troy’s experience is a powerful reminder that phishing defense isn’t just about training. It’s about having layers of protection — including credential screening — so that even when social engineering succeeds, the downstream damage is contained.
myNetWatchman has been providing cyber fraud intelligence data for more than 20 years to retailers, financial services, insurance, and other industries. The company manages a continuously growing data repository containing over 35 billion exposed credential pairs and protects over 800 million users for their clients.

Special Report

The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.