Skip to content ↓ | Skip to navigation ↓

Sendgrid, a company that specializes in transactional email delivery services, is asking all its customers to reset their passwords following an account breach.

Earlier this month, the New York Times reported that hackers had compromised one of Sendgrid’s Bitcoin-related clients and speculated whether the incident may have affected other customers of the email service.

David Campbell, Chief Security Officer at Sendgrid, responded in a blog post that these charges were erroneous and misrepresented the hack’s isolated nature.

“We note that the original NYT Bits Blog post on April 9 related to this incident was inaccurate, and implied that SendGrid had incurred a platform-wide breach,” Campbell wrote.

“The story has now been updated to reflect that only a single SendGrid customer account was compromised.”

Since then, Sendgrid has apparently revised its earlier evaluation of the incident.

According to blog post published yesterday, David Campbell wrote that hackers were able to gain access to Sendgrid’s systems that contain information for employees and customers, including usernames, email addresses, and passwords. They also apparently infiltrated servers that store customers’ email addresses and other information.

Sendgrid has not found evidence that the hackers compromised any contact information in the incident. Even so, the company is asking all of its customers to change their passwords following a company-wide password reset.

“We took immediate actions to block unauthorized access and deployed additional processes and controls to better protect our customers, our employees, and our platform,” wrote Campbell.

To improve its password security, Sendgrid is encouraging all customers to activate its two-factor authentication service. It is also urging the 600 customers who use custom DKIM keys to generate new keys and update their DNS records to reflect that change.

In the meantime, the company plans on expediting the release of API keys, which will allow customers to use special keys instead of an email/password combination when sending out mail through Sendgrid’s systems.