Ya’ know how I keep harping on the importance of two factor authentication?
And ya’ know how people resist it?
Well, apparently, since people choose crappy passwords and won’t use two factor, and businesses, of course, want to keep their customers happy, Sendgrid is dealing with the result.
But the real issue is that Sendgrid is only one company that is in the spotlight today.
If you run any Internet facing services, you could be in the spotlight tomorrow.
So what is happening to Sendgrid?
Sendgrid, for those of you who do not know, is an email service that many companies use to distribute corporate communications to massive lists. As of early last year, they had sent out 2 TRILLION emails.
Sendgrid works hard to play nice with all of the spam filters, so their emails likely will be delivered to your inbox and not to your spam folder. Which is what the people who are hacking Sendgrid customers’ accounts want. They are sending spam and they want their spam and malware delivered to YOUR inbox. Since Sendgrid uses tracking links, you can’t just look at a link in an email that comes from Sendgrid and see that it is coming from a .RU domain.
It has gotten to be so bad that some folks are filtering out Sendgrid accounts on the receiving end – not what customers who are paying them the big bucks to get into your inbox want.
But Sendgrid is only today’s scapegoat.
There is nothing to stop hackers from compromising the accounts of your customers if you don’t help them – or force them – to implement good cyber hygiene.
You may remember that last year it was Ring. They traded security for convenience and after enough of their customers’ accounts were hacked and used for malicious purposes – along with the horrible PR they got, Ring FORCED all customers to use 2 factor. Arlo, Ring’s competitor, saw the handwriting on the wall and forced their customers to use 2 factor.
But this alert is about you. If you run a customer facing web site and, especially, if your web site collects sensitive information such as a mortgage company does, you are vulnerable. In those cases maybe the crooks want your customers’ information.
Are you prepared?
Today it is Sendgrid – and probably a bunch of others that haven’t made the news. Tomorrow – is it you?
Credit: Brian Krebs