Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Spam Communications

'Unusually Large Number' of Breached SendGrid Accounts Are Sending Spams and Scams (krebsonsecurity.com) 13

Krebs on Security reports: Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid's parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime...

[A] large number of organizations allow email from Sendgrid's systems to sail through their spam-filtering systems. To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click...

Rob McEwen is CEO of Invaluement.com, an anti-spam firm whose data on junk email trends are used to improve the spam-blocking technologies deployed by several Fortune 100 companies. McEwen said no other email service provider has come close to generating the volume of spam that's been emanating from Sendgrid accounts lately. "As far as the nasty criminal phishes and viruses, I think there's not even a close second in terms of how bad it's been with Sendgrid over the past few months," he said...

Neil Schwartzman, executive director of the anti-spam group CAUCE, said Sendgrid's two-factor authentication plans are long overdue, noting that the company bought Authy back in 2015. "Single-factor authentication for a company like this in 2020 is just ludicrous given the potential damage and malicious content we're seeing," Schwartzman said... Schwartzman said if Twilio doesn't act quickly enough to fix the problem on its end, the major email providers of the world (think Google, Microsoft and Apple) — and their various machine-learning anti-spam algorithms — may do it for them.

Krebs found an online cybercriminal selling access to more than 400 compromised Sendgrid accounts. "Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400."
This discussion has been archived. No new comments can be posted.

'Unusually Large Number' of Breached SendGrid Accounts Are Sending Spams and Scams

Comments Filter:
  • by Mr. Roadkill ( 731328 ) on Saturday August 29, 2020 @08:44PM (#60454282)
    This has been common knowledge to mail admins for some time. Maybe now that Sendgrid are getting some bad mainstream-ish press about it, they'll actually do something about the problem.
    • That is indeed the case.

      Additionally, in the past you got a near immediate response from sendgrid abuse and a zendesk ticket reference. Not at the moment. I sent them one of the SPAM samples and there has been no response.

  • by WoodstockJeff ( 568111 ) on Saturday August 29, 2020 @08:44PM (#60454284) Homepage

    I've thought that was stupid for a LONG time. We block it by default, because they've been sending spam for years.

  • by Orgasmatron ( 8103 ) on Saturday August 29, 2020 @09:20PM (#60454336)

    I blocked sendgrid in my spam filter on July 27th after the second wave of phishing emails showed up. Unblocked for a few hours the other day after a complaint. Problem is still ongoing, of course, which is why it was only for a few hours.

    10-15 years ago, I was draconian - I would have looked up their ASN and routed all of their IP blocks to the bit bucket without telling anyone. I miss those days. Much easier than explaining to my users that they need to explain to their vendor that their vendor needs a new mail service provider.

  • by mrsam ( 12205 ) on Saturday August 29, 2020 @10:13PM (#60454416) Homepage

    Although sendgrid is a large outfit, it's not like they provide service to a notable fraction of commercial E-mail senders on the interwebs.

    Given that established fact, we can draw one of two possible logical conclusion:

    1) Someone ran a large randomly-targeted phish/hack campaign. And it just so happens that (nearly) everyone who got compromised ended up being a sendgrid customers, with account credentials ex-filtrated from their PCs.

    2) Sendgrid itself has been hacked, and had some portion of their customer base/credentials stolen.

    So, which one is more likely, folks?

    I too noted a sudden onslew of Sendgrid spam, a few months ago. Same cookie-cutter phish bait, over and over again. After no response to abuse, I shitlisted their IPs. I thought that someone's churning through Sendgrid's trial accounts, but looks like those clowns were themselves hacked.

  • wait what? (Score:3, Informative)

    by superwiz ( 655733 ) on Sunday August 30, 2020 @12:04AM (#60454584) Journal
    Isn't the whole point of sendgrid to send spam? Or is it "large volume email campaigns?"
  • Aside from Sendgrid constantly sending out scams and viruses, it has a virtually nonexistent abuse response program. They ignore complaints. The top level ISPs and major RBL maintainers should blacklist them and put them out of business. This is a good example of a poorly managed company that should not be allowed to send out ANY e-mails until they control their servers.

Utility is when you have one telephone, luxury is when you have two, opulence is when you have three -- and paradise is when you have none. -- Doug Larson

Working...