Security News > 2020 > August > Sendgrid Under Siege from Hacked Accounts

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

Dealing with compromised customer accounts is a constant challenge for any organization doing business online today, and certainly Sendgrid is not the only email marketing platform dealing with this problem.

McEwen said no other email service provider has come close to generating the volume of spam that's been emanating from Sendgrid accounts lately.

McEwen said the incidence of malicious spam coming from Sendgrid has gotten so bad that he recently launched a new anti-spam block list specifically to filter out email from Sendgrid accounts that have been known to be blasting large volumes of junk or malicious email.

Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400. "I have a large supply of cracked Sendgrid accounts that can be used to generate an API key which you can then plug into your mailer of choice and send massive amounts of emails with ensured delivery," Kromatix wrote in an Aug. 23 sales thread. "Sendgrid servers maintain a very good reputation with so your content becomes much more likely to get into the inbox so long as your setup is correct."

News URL

https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/