Mailchimp API Key
Detects Mailchimp API keys, formatted as 32 hex characters followed by -us and a 1-2 digit datacenter code. A leaked key grants access to audience lists, campaigns and subscriber PII.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence: the trailing -us<digits> datacenter suffix on a 32-hex body is a distinctive Mailchimp structure with low false-positive risk.
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories: credentials, security
- Scope: narrow
- Risk rating: 8
- Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9])[a-f0-9]{32}-us[0-9]{1,2}(?![A-Za-z0-9])
Corroborative evidence keywords
mailchimp, mailchimp.com, api key, MAILCHIMP_API_KEY, audience, campaign, datacenter
Proximity: 300 characters
Should match
- abcdef0123456789abcdef0123456789-us6 — Mailchimp API key, 32 hex + -us + 1 digit
- MAILCHIMP_API_KEY=0123456789abcdef0123456789abcdef-us21 — Labelled Mailchimp key with two-digit datacenter code
- fedcba9876543210fedcba9876543210-us1 — Another Mailchimp key body
Should not match
- abcdef0123456789abcdef0123456789-eu6 — Wrong datacenter prefix (-eu instead of -us)
- abcdef0123456789abcdef0123-us6 — Hex body too short (26 instead of 32)
- rotate the mailchimp api key for the us datacenter — Prose mention without a token value
Known false positives
- A 32-hex hash that coincidentally precedes the literal -us and a digit. Mitigation: Require corroborative Mailchimp keywords within proximity before alerting.
- Documentation or examples showing placeholder keys. Mitigation: Check for placeholder markers (example, xxxx) and require Mailchimp context.
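The following is an added reference implementation, not part of the rule catalogue or any vendor's engine. It runs the rule's regex over text, applies the 300-character corroborative-keyword proximity check, and applies the two false-positive mitigations listed above (keyword corroboration and placeholder-marker suppression). The placeholder marker list and the sample documents are constructed for illustration; the key strings are the rule's own test vectors plus an invented 32-hex checksum.

```python
import re

# Pattern copied verbatim from the rule definition.
MAILCHIMP_KEY_RE = re.compile(
    r"(?<![A-Za-z0-9])[a-f0-9]{32}-us[0-9]{1,2}(?![A-Za-z0-9])"
)

# Corroborative keywords and proximity window from the rule; matched case-insensitively.
CORROBORATIVE_KEYWORDS = (
    "mailchimp", "mailchimp.com", "api key", "mailchimp_api_key",
    "audience", "campaign", "datacenter",
)
PROXIMITY = 300

# Placeholder markers named under "Known false positives" (assumed to be a complete list here).
PLACEHOLDER_MARKERS = ("example", "xxxx")


def _window(text, start, end):
    """Lowercased slice of text extending PROXIMITY characters either side of a match."""
    return text[max(0, start - PROXIMITY): end + PROXIMITY].lower()


def matches(text):
    """Bare regex check, i.e. the 'Should match' / 'Should not match' test of the rule."""
    return MAILCHIMP_KEY_RE.search(text) is not None


def scan(text):
    """Annotate every regex candidate with the rule's corroboration and placeholder checks.

    Each finding carries:
      token        - the matched string
      corroborated - a corroborative keyword appears within PROXIMITY characters
      placeholder  - a placeholder marker appears within PROXIMITY characters
      alert        - what an engine applying both mitigations would actually raise
    """
    findings = []
    for m in MAILCHIMP_KEY_RE.finditer(text):
        window = _window(text, m.start(), m.end())
        corroborated = any(k in window for k in CORROBORATIVE_KEYWORDS)
        placeholder = any(p in window for p in PLACEHOLDER_MARKERS)
        findings.append({
            "token": m.group(0),
            "corroborated": corroborated,
            "placeholder": placeholder,
            "alert": corroborated and not placeholder,
        })
    return findings


# The rule's own test vectors.
SHOULD_MATCH = [
    "abcdef0123456789abcdef0123456789-us6",
    "MAILCHIMP_API_KEY=0123456789abcdef0123456789abcdef-us21",
    "fedcba9876543210fedcba9876543210-us1",
]
SHOULD_NOT_MATCH = [
    "abcdef0123456789abcdef0123456789-eu6",
    "abcdef0123456789abcdef0123-us6",
    "rotate the mailchimp api key for the us datacenter",
]

# Constructed documents exercising the two known false-positive scenarios.
BARE_HASH_DOC = "artifact checksum: 00112233445566778899aabbccddeeff-us1 uploaded to the build cache"
LABELLED_DOC = "# .env for the newsletter service\nMAILCHIMP_API_KEY=0123456789abcdef0123456789abcdef-us21\n"
PLACEHOLDER_DOC = "Example config for Mailchimp: set your api key to abcdef0123456789abcdef0123456789-us6"


if __name__ == "__main__":
    for name, doc in (("bare hash", BARE_HASH_DOC), ("labelled", LABELLED_DOC), ("placeholder", PLACEHOLDER_DOC)):
        print(name, scan(doc))
```

The bare-hash document is found by the regex but never alerts because nothing Mailchimp-related sits within the proximity window; the placeholder document is corroborated but suppressed by the "example" marker; only the labelled .env line produces an alert.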