Internal System at Email Delivery Service SendGrid Hacked

An employee account was compromised and hijacked to access other internal systems that contained customer and employee credentials.

On April 8, SendGrid disclosed less-grave details about the hack. A notice said an account belonging to a Bitcoin-related customer was breached and duplicitous “phishing” emails were sent from that account to direct users to transfer Bitcoins to a number of fraudulent accounts. SendGrid claimed the intrusion was an isolated incident, and disputed a New York Times article that said an attacker penetrated an internal SendGrid platform.

Yesterday, SendGrid announced that law enforcement and security investigations led to the discovery the Bitcoin-related scam was facilitated by the compromise of an internal SendGrid account. The SendGrid incursion occurred in February and March.

The breach exposed customer and employee usernames, email addresses, and salted and hashed passwords. Systems holding customer email lists, addresses and contact information were also accessed.

A day after the Bitcoin-related scheme surfaced, the Times reported that attackers used SendGrid credentials to hack the virtual currency exchange Coinbase.