Mass email provider SendGrid is warning users that an attacker was able to compromise an employee’s account to access several of its internal systems, including servers that contained customers’ recipient email lists/addresses and customer contact information.
By the company's account, the attacker was active inside the network on three separate dates in February and March.
Earlier in April, SendGrid formally acknowledged a hack of the SendGrid account of a Bitcoin-related customer, which was used to send phishing emails.
“We initially believed that this account takeover was an isolated incident and worked with our customer to help them recover control of their account and minimize the damage of the attack,” the company said in a public notice. But after further investigation, the campaign was shown to be more widespread.
The systems accessed contained usernames, email addresses and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts, along with the recipient email databases mentioned above.
The company is implementing a system-wide password reset, and said that upon discovery it took immediate action to block unauthorized access, deploying additional processes and controls on its platform. The larger concern is that the effects of the compromise can ripple out: the customers of SendGrid customers become targets for widespread phishing and spam.
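Why a forced reset is still warranted even though the stolen passwords were salted and iteratively hashed: the salt blocks precomputed tables and the iteration count slows every guess, but an attacker holding the dump can still run a dictionary attack offline, and weak passwords fall quickly. The following is an added example, not SendGrid's code; the PBKDF2-SHA256 construction, the 100,000-iteration count, the 16-byte salt and the record format are assumptions chosen for illustration, and the article does not state what SendGrid actually used.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumed parameters for this example; the article gives no details of SendGrid's scheme.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Produce a storable record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'.

    A fresh random salt per user means two users with the same password get
    different records, so a leaked table cannot be attacked with one
    precomputed lookup.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time (hmac.compare_digest) to avoid a timing side channel."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def offline_guess(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """What an attacker can do with a leaked record: try guesses offline.

    Each guess costs `iterations` HMAC computations, which slows the attack
    but does not stop it. Returns the recovered password or None.
    """
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample data: one weak and one strong password, plus a small
    # dictionary of the kind an attacker would run against a leaked table.
    wordlist = ["123456", "password", "letmein", "qwerty"]
    weak = hash_password("letmein")
    strong = hash_password("correct-horse-battery-staple-2015")
    print("weak record recovered:", offline_guess(weak, wordlist))      # letmein
    print("strong record recovered:", offline_guess(strong, wordlist))  # None
```

The takeaway is that hashing buys time for a reset, not immunity; accounts whose owners reused a password elsewhere are the ones most exposed once the dump is being cracked, which is why the reset is system-wide rather than limited to accounts with visible abuse.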
SendGrid is used by 180,000 companies to send 14 billion emails per month, including for Uber, Pinterest, Spotify and Foursquare. As such, gaining SendGrid account credentials means access to an easy path to target-rich environments for phishing artists, who can send out legitimate-looking mails en masse.
SendGrid said that it is working on new platform security features, including API keys, which will permit customers to use a key instead of their username and password when sending mail through its system programmatically, further reducing the exposure of account credentials.
Its engineering team is also expediting the release of IP whitelisting, which will permit customers to authorize specific IP ranges to interact with their SendGrid account's control panel, along with an enhanced two-factor authentication system that will support additional authentication methods and also work for customers who assign multiple credentials to an account.
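The IP allowlisting described above is a server-side check of the caller's address against customer-configured CIDR ranges. As an added example (not SendGrid's implementation), here is what that check looks like, including the caveat a practitioner would insist on: the `X-Forwarded-For` header is attacker-controlled unless the direct peer is a known proxy, so it must only be honoured from a trusted proxy range. The `parse_allowlist`, `client_ip` and `is_allowed` names, the sample ranges and the trusted-proxy network are all assumptions for this example.

```python
import ipaddress
from typing import Iterable, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowlist(ranges: Iterable[str]) -> List[Network]:
    """Parse customer-supplied CIDR strings (IPv4 or IPv6) into network objects.

    strict=False accepts a host address with a prefix (e.g. '203.0.113.7/24')
    and normalises it to its network (203.0.113.0/24). Invalid entries raise
    ValueError so misconfiguration fails closed rather than silently allowing.
    """
    return [ipaddress.ip_network(r.strip(), strict=False) for r in ranges]


def client_ip(remote_addr: str, forwarded_for: Optional[str],
              trusted_proxies: List[Network]) -> str:
    """Decide which address to check.

    Only trust X-Forwarded-For when the TCP peer is one of our own proxies;
    otherwise a client could spoof an allowlisted address in the header.
    With one trusted proxy hop, the rightmost entry is the address that proxy
    actually saw, so that is the one to use, not the client-controlled left end.
    """
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(peer in net for net in trusted_proxies):
        return forwarded_for.split(",")[-1].strip()
    return remote_addr


def is_allowed(ip: str, allowlist: List[Network]) -> bool:
    """True if `ip` falls inside any allowlisted range; malformed input is denied.

    Version mismatches (an IPv4 address against an IPv6 network) are simply
    non-matches, which ipaddress handles without raising.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allowlist)


if __name__ == "__main__":
    # Constructed sample configuration using documentation address ranges.
    allowlist = parse_allowlist(["203.0.113.0/24", "2001:db8::/32"])
    trusted = parse_allowlist(["10.0.0.0/8"])  # assumed internal load balancers

    # Request arriving via a trusted proxy: header is honoured.
    ip = client_ip("10.0.0.5", "198.51.100.77, 203.0.113.9", trusted)
    print(ip, is_allowed(ip, allowlist))            # 203.0.113.9 True

    # Direct connection that tries to spoof the header: header is ignored.
    ip = client_ip("198.51.100.1", "203.0.113.9", trusted)
    print(ip, is_allowed(ip, allowlist))            # 198.51.100.1 False
```

An allowlist like this protects the control panel against a stolen password used from an attacker's own infrastructure; it does nothing against an attacker who has already landed on a host inside an allowlisted range, which is why the article pairs it with API keys and stronger two-factor authentication rather than presenting it alone.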