Security professionals are surprised, and also concerned, that the email service provider Sendgrid does not apply multi-factor authentication (MFA) to protect its customer accounts, a measure that might have prevented a large number of accounts from being compromised and the stolen data from being sold on the darknet.
In particular, Torsten George of the security company Centrify said it is strange that an organization that works with a large number of companies for marketing purposes has not already implemented MFA for its users, stressing that implementing MFA is an important first step that the company must take urgently.
Sendgrid's parent company, Twilio, stated that it is working on a process to require MFA for all its accounts. It is worth noting that breached accounts are used in phishing and email-based malware attacks.
George commented positively on the fact that Twilio is already working on implementing MFA, adding that Sendgrid's breach is a reminder of the importance of authentication for all businesses. Twilio creates APIs that businesses use to communicate with their customers through its platform using email, text and video.
It is worth noting that the company has not published information on the number of accounts affected by the breach, or on how they were breached. However, it has named Netflix, Airbnb and Lyft among its customers, while MediaPost reported that the company signed contracts with 28 cities, states and universities to handle contract award for COVID-19 programs, covering about 150 million people.
James McQuiggan, who promotes security awareness at KnowBe4, said it was important for businesses and consumers to change their passwords if they thought they had been compromised. He also added that credentials that have been stolen in the past may have been used by hackers to access Twilio accounts.
According to McQuiggan, account breaches may have arisen from previous farms and attacks against breached organizations that happen to use Sendgrid. Given that users log in with their business email, cybercriminals have collected millions of email accounts and passwords from other cyber attacks. In addition, he explained that cybercriminals take for granted that credentials are reused and can use the ones they have obtained to carry out a brute force attack on Sendgrid accounts. McQuiggan added that without MFA, a user would never know that someone was trying to sign in to Sendgrid from their account.
At the same time, George advises Sendgrid customers to immediately change their passwords and set new, strong passwords that are unique and complex. They should also ensure that other accounts that used the same password as Sendgrid are updated, as cybercriminals will use stolen passwords in credential stuffing attacks, in which they use stolen data to break into other accounts that share the same login information.