SendGrid customers told to reset passwords and DKIM keys after breach

Employee credentials compromised, leading to unauthorized access in February and March of this year

SendGrid, a Boulder, Colorado-based transactional and marketing email delivery service, urged customers to reset passwords on Monday, after an internal investigation discovered that an employee's credentials were compromised.

In addition, customers with DKIM keys are being asked to generate new ones.

According to a company blog post on the topic, on or around April 8, a Bitcoin-related customer was compromised, and had their SendGrid account used to send phishing emails.

It was believed the account compromise was isolated, but further investigation by SendGrid, in collaboration with FireEye and law enforcement, revealed that a SendGrid employee had their credentials compromised.

The employee's credentials were used on three separate dates in February and March of this year, to access systems that contained "usernames, email addresses, and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts," explained David Campbell, SendGrid's CSO.

"In addition, evidence suggests that the cyber criminal accessed servers that contained some of our customers’ recipient email lists/addresses and customer contact information. We have not found any forensic evidence that customer lists or customer contact information was stolen. However, as a precautionary measure, we are implementing a system-wide password reset."

There was no financial information involved in the incident, because such information isn't stored by SendGrid.

On Monday, SendGrid customers started receiving notices about the incident and the request for password resets. In addition, 600 customers with custom DKIM keys are being asked to generate new ones and update DNS records to reflect the change.

The customer notice also recommends that customers enable two-factor authentication on their accounts and use unique, randomly generated passwords that are kept heavily guarded.

In an effort to improve things, SendGrid is working to expedite the release of API keys, which will enable customers to use keys instead of the standard username/password function when sending email through the system. Enhanced two-factor controls are also being implemented, as well as IP whitelisting features.

"We realize that email delivery is an essential part of our customers’ regular course of business and we sincerely apologize for all the inconvenience this has caused. Security is a priority to us at SendGrid and we will continue to work hard to earn your trust by making every effort to deliver a secure service," Campbell's statement concluded.
