Employee credentials compromised, leading to unauthorized access in February and March of this year

SendGrid, a Boulder, Colorado-based transactional and marketing email delivery service, urged customers to reset passwords on Monday, after an internal investigation discovered that an employee’s credentials were compromised.

In addition, customers with DKIM keys are being asked to generate new ones.

According to a company blog post on the topic, on or around April 8, a Bitcoin-related customer was compromised, and had their SendGrid account used to send phishing emails.

It was believed the account compromise was isolated, but further investigation by SendGrid, in collaboration with FireEye and law enforcement, revealed that a SendGrid employee had their credentials compromised. The employee’s credentials were used on three separate dates in February and March of this year, to access systems that contained “usernames, email addresses, and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts,” explained David Campbell, SendGrid’s CSO.

“In addition, evidence suggests that the cyber criminal accessed servers that contained some of our customers’ recipient email lists/addresses and customer contact information. We have not found any forensic evidence that customer lists or customer contact information was stolen. However, as a precautionary measure, we are implementing a system-wide password reset.”

There was no financial information involved in the incident, because such information isn’t stored by SendGrid.

On Monday, SendGrid customers started receiving notices about the incident and the request for password resets.
In addition, 600 customers with custom DKIM keys are being asked to generate new ones and update DNS records to reflect the change.

The customer notice also recommends that accounts use two-factor authentication, as well as unique, randomly generated passwords for their accounts, which are heavily guarded.

In an effort to improve things, SendGrid is working to expedite the release of API keys, which will enable customers to use keys instead of the standard username/password function when sending email through the system. Enhanced two-factor controls are also being implemented, as well as IP whitelisting features.

“We realize that email delivery is an essential part of our customers’ regular course of business and we sincerely apologize for all the inconvenience this has caused. Security is a priority to us at SendGrid and we will continue to work hard to earn your trust by making every effort to deliver a secure service,” Campbell’s statement concluded.