Email delivery service confirms data breach

An email delivery service that sends more than 18 billion online messages per month experienced a data breach earlier this year, the company confirmed on Monday.

SendGrid is urging its employees and customers to change their passwords and enable two-step authentication for their online accounts after hackers broke into a massive company database.


The intruders gained access to usernames, email addresses and passwords for SendGrid employees and customers, as well as servers holding large email address lists.

While there is no evidence the data was stolen, the company is taking the precautionary step of changing users’ passwords.

“Upon discovery, we took immediate actions to block all unauthorized access and deployed additional processes and controls to better protect our customers, our employees, and our platform,” SendGrid CSO David Campbell wrote in a blog post Monday.

“We have been working in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team to thoroughly investigate this incident and are taking a number of additional actions to increase our system security.”

The break-ins took place on three occasions in February and March, the company said. Information about the breach was originally published in the New York Times on April 9, though SendGrid said at the time that it was merely an isolated attack.

SendGrid has not revealed or speculated about the parties responsible for the attacks.