Application security, Breach, Compliance Management, Data Security, Privacy

SendGrid admits breach more extensive than originally believed

Share

After weeks of saying that only a single account - belonging to a Bitcoin-related customer - was compromised in a breach, SendGrid CSO David Campbell said in a Monday blog that an investigation showed an “employee's account had been compromised…and used to access several of our internal systems on three separate dates in February and March 2015.”

The systems housed usernames, email addresses and "salted and iteratively hashed" passwords for the email service's customers and employees. SendGrid “took actions to block unauthorized access and deployed additional processes and controls,” Campbell wrote. As a precaution, the company implemented a password reset systemwide, he said, and requested that all “customers reset their passwords to all of their SendGrid account access points.”

The 600 customers that use custom DKIM keys should generate new keys through the SendGrid interface and update DNS records. Those customers will receive separate email instructions from the company.

SendGrid admits breach more extensive than originally believed

SendGrid said the breach occurred after an employee account was compromised.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.