SendGrid reveals scope of hack, issues password reset

The e-mail delivery platform admitted en employee account was accessed three times this year

Earlier this month, e-mail delivery platform SendGrid admitted that one of its clients, a Bitcoin-related customer, had been hacked. The company insisted at the time that "this incident was an isolated attack on one SendGrid customer," and that other clients did not have to worry.

Turns out, SendGrid massively underestimated the scope of this attack.

In a new blog post, put out on Tuesday, the company shed some new light on what happened. Not only was this not an isolated incident, its internal systems were breached three separate times in February and March of this year,

Not only that, but it was actually the account of a SendGrid employee that was accessed, potentially releasing usernames, email addresses, and passwords for SendGrid customer and employee accounts. On top of that, there is evidence that customers’ recipient email lists/addresses and customer contact information were also accessed.

"We have not found any forensic evidence that customer lists or customer contact information was stolen," David Campbell, the Chief Security Officer at SendGrid, wrote.

However, as a precautionary measure, we are implementing a system-wide password reset. Because SendGrid does not store customer payment cards we do know that payment card information was not involved."

SendGrid is also asking that 600 of its customers to generate new digital signatures, or DKIMs, and for all of its customers to impliment two-factor authentication.

On SendGrid's end, Cambell says the company "took immediate actions to block all unauthorized access and deployed additional processes and controls to better protect our customers, our employees, and our platform."

The company has also been working in collaboration with law enforcement and FireEye’s Incident Response Team "to thoroughly investigate this incident and are taking a number of additional actions to increase our system security. The first step is to work with our customers to ensure they have taken all the appropriate precautions to protect themselves."

Founded in 2009, SendGrid is a cloud-based email platform that delivers over 17 billion customer engagement emails each month for Internet and mobile-based customers. Its clients include Pinterest, Airbnb, Pandora, Hubspot, Spotify, Uber, Linkedin and FourSquare, as well as more traditional enterprises like Taco Bell, Walmart, Intuit and Costco. 

Online security

Sadly, breaches and hackings like this have become more and more commonplace in recent years.

Cybersecurity has become such a big deal since the Target and Sony breaches over the last few years that even President Obama recently started making declarations abiut further punishments for such attacks.

Since it started making headlines, venture capital took notice as well, and started putting ore money into these types of startups. In the last 5 years, $7.3 billion has been invested into 1208 private cybersecurity startups, according to CBInsights. 

In 2014, funding for cybersecurity startups broke the $2 billion barrier for the first time while deals grew to a total of 269.

Some of the companies that have raised the most funding in the space over the last couple of years have included Good Technology, which raised $80 million; Lookout, which raised a $150 million round; Okta, which raised a $27 million Series D funding round; Bit9, which raised $38.25 million; and Veracode, which raised a $40 million funding round.

(Image source: twitter.com)