Mailing List Archive

Sendgrid Under Siege from Hacked Accounts
Good day Guys

Got this off Hackernews. Thought I would share the link.

https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

Interesting comments too.

Regards
Brent
Re: Sendgrid Under Siege from Hacked Accounts [ In reply to ]
> On Aug 29, 2020, at 5:37 PM, Brent Clark <brentgclarklist@gmail.com> wrote:
>
> Good day Guys
>
> Got this off Hackernews. Thought I would share the link.
>
> https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
>
> Interesting comments too.

(kind of OT, sorry)

I know that at some point I setup a one-off account at one of these companies for a VPS that had to send confirmation emails and admin stuff out (low volume). It just seemed easier than trying to establish my VPS’ IP as legit in the eyes of major mail providers… Turns out it was Mailgun, not sendgrid.

But I went to sendgrid’s site and checked my password manager, and sure enough I had an account. But get this - no 2FA, and the login was something like cust88987987@heroku.com <mailto:cust88987987@heroku.com>. So a Heroku app (redmine, which needed to send ticket info via email) I setup back in 2017 and cancelled a year later spawned this sendgrid account, and the account is perhaps under the control of Heroku, as I can’t view/set billing info, nor do anything that would require verifying the accountholder email, is just sitting there, presumably to just add to the subscriber count that Sendgrid/Twilio uses to woo investors.

As best I can tell, I can login, I can make API keys, but I can’t delete the account because it’s not truly mine. Totally huge oversight on someone’s part. The account is active and able to send...

Charles

>
> Regards
> Brent
Sendgrid Under Siege from Hacked Accounts [ In reply to ]