[NamecheapCEO]

A third part email provider we use for our newsletter was impacted. Our own systems and customer accounts were not breached.

[ginja]

What customer information did you store with that provider? Just names and emails, or was there anything else that attackers may have been able to access?

[notahacker]

I don't know what they had stored, but the mailshots were addressed "Dear User" which suggests it was probably just emails

My email was also my domain name contact email, so I originally thought they'd obtained it by DNS lookup...

[thenickdude]

Mine was addressed with my full name in the "To:" field, so they do have our full names (but just didn't mail-merge those into the body of the message).

[worksonmine]

You and who else? If it's one of your employees credentials getting compromised this excuse isn't going to age well and will do more harm than good. I assume you're using a big provider and there would be news of others being affected.