
SendGrid: Employee Account Hacked - Customer Credentials stolen

wlanboy

Content Contributer
See: https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/

> On April 8, the SendGrid account of a Bitcoin-related customer was compromised and used to send phishing emails.
>
> We initially believed that this account takeover was an isolated incident and worked with our customer to help them recover control of their account and minimize the damage of the attack.
>
> After further investigation in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team, we became aware that a SendGrid employee’s account had been compromised by a cyber criminal and used to access several of our internal systems on three separate dates in February and March 2015.
>
> These systems contained usernames, email addresses, and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts. In addition, evidence suggests that the cyber criminal accessed servers that contained some of our customers’ recipient email lists/addresses and customer contact information.

FUBAR.
 

telephone

New Member
I wonder if the sysadmins limited access via VPN? If they did and the hacker used the VPN too, then wow! I'd hate to be that employee.
 

drmike

100% Tier-1 Gogent
Yikes!  Protecting things continues to be very complex and auditing even more so.

This hack will likely have broader implications.
 

Francisco

Company Lube
Verified Provider
> Yikes!  Protecting things continues to be very complex and auditing even more so.
>
> This hack will likely have broader implications.

Considering they walked off with a ton of verified email lists, yup. Those will sell for a pretty penny on the black markets.

Francisco
 

KwiceroLTD

New Member
Verified Provider
> I think at this point people are starting to get their own personal domain and just make a [email protected] for each site you register to. This way you know who's been compromised or selling your details.
>
> Francisco

I do actually do something similar, I have an "open" mail server per se, pretty much it's [email protected] - x can be changed to anything you want at sign up, it accepts and forwards the email to my personal email, and if a lot of spam starts coming, I just block the email.
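
The per-site alias scheme from the post above as an added example, not code from any poster in this thread: it reads mail delivered to a catch-all domain and reports aliases that receive mail from a sender other than the site they were given to. The domain `inbox.example`, the function names and the rule that each alias equals the site's name are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ALIAS_DOMAIN = "inbox.example"  # assumption: the personal catch-all domain

def alias_of(msg):
    """Return the per-site local part the message was addressed to, or None."""
    fields = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(fields):
        local, _, domain = addr.lower().rpartition("@")
        if domain == ALIAS_DOMAIN and local:
            return local
    return None

def audit(raw_messages, blocked=frozenset()):
    """Map each alias to sender domains that do not belong to its site."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        alias = alias_of(msg)
        if alias is None or alias in blocked:
            continue  # not addressed to the catch-all, or alias already blocked
        sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        # Heuristic (assumption): the alias is the site's name, so legitimate
        # mail comes from a domain whose labels include that name.
        if alias not in sender.split("."):
            leaks.setdefault(alias, set()).add(sender)
    return leaks

# Constructed sample messages, not real mail.
SAMPLE = [
    "From: billing@shop.example\nTo: shop@inbox.example\nSubject: Invoice\n\nhi",
    "From: promo@cheap-pills.example\nTo: shop@inbox.example\nSubject: Deal\n\nspam",
    "From: News <news@forum.example>\nDelivered-To: forum@inbox.example\n"
    "To: undisclosed\nSubject: Digest\n\nhi",
    "From: x@bulk.example\nTo: oldsite@inbox.example\nSubject: Win\n\nspam",
]

if __name__ == "__main__":
    for alias, senders in audit(SAMPLE, blocked={"oldsite"}).items():
        print(f"{alias}@{ALIAS_DOMAIN} leaked or sold; seen from {sorted(senders)}")
```
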
 

NetDepot-KH

New Member
Verified Provider
This is very bad, and there is no way to prevent all these incidents; just make sure you have all the security measures in place for your staff. BTW hi Mandrill :D
 

Mayers

Member
Verified Provider
> I think at this point people are starting to get their own personal domain and just make a [email protected] for each site you register to. This way you know who's been compromised or selling your details.
>
> Francisco

That's a good idea. With all the problems like this lately I think it's time to do something like this.

> That's really rough. Time for two factor on literally everything?

Yep. Whenever this is an option I always use it.
 