Fraud Management & Cybercrime , Incident & Breach Response , Security Operations

Lack of MFA May Have Enabled Sendgrid Account Compromise

Email Service Provider Moving to Implement Additional Security Measures
Lack of MFA May Have Enabled Sendgrid Account Compromise
Sendgrid's parent company is Twilio.

Security professionals are expressing surprise that email service provider Sendgrid did not have multifactor authentication in place to protect its customer accounts, which may have enabled the compromise of a large number of accounts, followed by the sale data on the darknet.

See Also: A Look into the Future of Work with EPM, Identity and Access Controls

"It's actually quite shocking that an organization that works with business customers for marketing purposes didn't already have multifactor authentication in place for users, and implementing it as a requirement is a critical first step that should happen urgently," says Torsten George, cybersecurity evangelist with security firm Centrify.

Sendgrid's parent company, Twilio, tells security blogger Brian Krebs that the company is in the process of requiring multifactor authentication for all its accounts. The hacked accounts are being used in phishing and email-based malware attacks, Krebs reports.

"It's positive to see that parent company Twilio is already working on this," George says. "The Sendgrid hack is a reminder of the importance of identity management for all businesses."

Twilio creates APIs that businesses use to help them communicate with their customers through its platform using email, text and video, essentially make the company a middle man in the communications process.

The company has not publicly released any information on the number of accounts that were hacked or how they were compromised. Twilio lists Lyft, Airbnb and Netflix among its customers, and MediaPost reports the company signed a contract with 28 cities, states and universities to handle contract tracing for their COVID-19 programs covering about 150 million people.

A company spokesperson could not be immediately reached for additional comment.

Reusing Old Credentials

James McQuiggan, security awareness advocate at KnowBe4, notes it's important for businesses and consumers to change their password if they believe it was compromised. He says previously stolen credentials may have been used to gain access to the Twilio accounts.

"The account compromises may have occurred from previous exploits and attacks against breached organizations who also happen to use Sendgrid. Considering the users are logging in with their business email, the cybercriminals have collected millions of email and password accounts from other cyberattacks," McQuiggan says.

Fraudsters and cybercriminals take for granted that login credentials are reused and can use those to which they have access to conduct a brute force attack on Sendgrid's accounts, he says.

"Without MFA, the user account will never know someone is trying to log into Sendgrid with their account," McQuiggan notes.

George adds: "Sendgrid customers should immediately change their passwords, ensuring they are unique and complex. "They should also make sure any other accounts that used the same Sendgrid password are updated as well. This is because cybercriminals will use stolen passwords in credential stuffing attacks, which use breached details to break into other accounts using the same login information."


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.