Email delivery service SendGrid confirms data breach
SendGrid, the email delivery and management service that counts companies like Pinterest, Airbnb and Uber among its clients, has admitted that it has been breached.
“On April 8, the SendGrid account of a Bitcoin-related customer was compromised and used to send phishing emails,” David Campbell, the company’s CSO, shared on Monday.
“We initially believed that this account takeover was an isolated incident and worked with our customer to help them recover control of their account and minimize the damage of the attack. After further investigation in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team, we became aware that a SendGrid employee’s account had been compromised by a cyber criminal and used to access several of our internal systems on three separate dates in February and March 2015.”
“These systems contained usernames, email addresses, and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts. In addition, evidence suggests that the cyber criminal accessed servers that contained some of our customers’ recipient email lists/addresses and customer contact information,” he noted.
“We have not found any forensic evidence that customer lists or customer contact information was stolen. However, as a precautionary measure, we are implementing a system-wide password reset. Because SendGrid does not store customer payment cards we do know that payment card information was not involved.”
The company is forcing a password reset for all customers, as well as asking those customers who have custom DKIM keys for sending mail to generate new ones. They are urging customers to guard their credentials, use unique, random passwords, and to enable two-factor authentication for their accounts.
“Identifying the perpetrator(s) of cyber attacks is difficult. While we cannot rule out the possibility that customer lists or customer contact information was stolen, we have no forensic evidence indicating that it was,” said Campbell.
He also announced new features to improve the security of their platform: release of API keys for customers to use instead of username/password; an IP whitelisting option to permit customers to authorize specific IP ranges to interact with their SendGrid account’s control panel; and enhanced two-factor authentication.
Compromised SendGrid accounts are a boon for spammers and scammers, allowing them to send out huge volumes of email.