# SendGrid: Employee Account Hacked - Customer Credentials stolen



## wlanboy (Apr 28, 2015)

See: https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/



> On April 8, the SendGrid account of a Bitcoin-related customer was compromised
> and used to send phishing emails.
> 
> 
> ...


FUBAR.


----------



## telephone (Apr 28, 2015)

I wonder if the sysadmins limited access via VPN? If they did and the hacker used the VPN too, then wow! I'd hate to be that employee.


----------



## drmike (Apr 28, 2015)

Yikes! Protecting things continues to be very complex and auditing even more so.

This hack will likely have broader implications.


----------



## Francisco (Apr 28, 2015)

drmike said:


> Yikes! Protecting things continues to be very complex and auditing even more so.
> 
> This hack will likely have broader implications.


Considering they walked off with a ton of verified email lists, yup. Those will sell for a pretty penny on the black markets.

Francisco


----------



## KwiceroLTD (Apr 28, 2015)

Francisco said:


> Considering they walked off with a ton of verified email lists, yup. Those will sell for a pretty penny on the black markets.
> 
> 
> Francisco


Great, time to change my email address for the 3rd time this year.


----------



## Francisco (Apr 28, 2015)

KwiceroLTD said:


> Great, time to change my email address for the 3rd time this year.


I think at this point people are starting to get their own personal domain and just make a [email protected] for each site you register to. This way you know who's been compromised or selling your details.

Francisco


----------



## KwiceroLTD (Apr 28, 2015)

Francisco said:


> I think at this point people are starting to get their own personal domain and just make a [email protected] for each site you register to. This way you know who's been compromised or selling your details.
> 
> 
> Francisco


I do actually do something similar. I have an "open" mail server per se; pretty much it's [email protected] - x can be changed to anything you want at sign up, it accepts and forwards the email to my personal email, and if a lot of spam starts coming, I just block the email.


----------



## jarland (Apr 29, 2015)

That's really rough. Time for two factor on literally everything?


----------



## NetDepot-KH (Apr 29, 2015)

This is very bad, and there is no way to prevent all these incidents; you can just make sure you have all the security measures in place for your staff. BTW hi Mandrill


----------



## Mayers (Apr 29, 2015)

Francisco said:


> I think at this point people are starting to get their own personal domain and just make a [email protected] for each site you register to. This way you know who's been compromised or selling your details.
> 
> 
> Francisco


That's a good idea. With all the problems like this lately I think it's time to do something like this.



jarland said:


> That's really rough. Time for two factor on literally everything?


Yep. Whenever this is an option I always use it.


----------

