Email delivery platform SendGrid has revealed more details of a recent phishing attack that saw Bitcoin exchange Coinbase’s SendGrid account compromised. And it fears more customers could be at risk than originally thought.
Founded in 2009, SendGrid provides the infrastructure for companies to manage their transactional email initiatives, covering aspects such as shipping notifications, newsletters, and sign-up confirmations. It has built an impressive arsenal of customers that includes the likes of Pinterest, Pandora, Spotify, Airbnb, Uber, LinkedIn, and FourSquare. Today, SendGrid reports that it has sent more than 300 billion emails, equating to an average of 435 million emails per day, or 15 billion emails per month.
Though SendGrid wouldn’t confirm that Coinbase was the hack target earlier this month, stating only it was a “Bitcoin-related client,” the New York Times revealed the identify of the account. The Coinbase account was used to “phish” other users into transferring Bitcoins to “multiple bad actor accounts, promising interest payments,” SendGrid revealed at the time, while also claiming that there hadn’t been an internal breach within the company.
SendGrid initially referred to the hack as an “isolated attack on one SendGrid customer,” but it has now revealed that a SendGrid employee’s account had been compromised and used to access its systems on three separate occasions in February and March.
Within these systems were usernames, email addresses, and “salted and iteratively hashed” passwords for SendGrid customer and employee accounts. SendGrid also admitted that some servers containing customers’ recipient email and contact information had likely been accessed. However, SendGrid said it hasn’t found “any forensic evidence that customer lists or customer contact information was stolen.” And the company’s also quick to point out that SendGrid doesn’t store payment card information, so this data should remain safe.
That all said, SendGrid has enforced a full system-wide password reset just in case. And, as ever, other recommended security measures include enabling two-factor authentication and using strong passwords. Additionally, SendGrid says it will now speed up the development of additional security processes, including API keys — a feature that is currently in open beta — and “enhanced” two-factor authentication.
There has been a spate of high-profile hacks in recent times, including retailer Target which saw a huge data breach involving credit card details and other personal information that exposed 70 million customers. Home Depot, too, reported a mammoth breach last year that’s thought to have hit almost 60 million consumers, and was referred to by some cybersecurity experts as the biggest hack in the history of U.S. retail.
While SendGrid’s breach may not be as far-reaching as Target or Home Depot, that fact that an employee account was hacked, rather than a single customer account, definitely shines a new light on hacking tactics. VentureBeat has reached out to SendGrid to see if it can share any more information around how its employee’s account was accessed, and we will provide updates here.