After weeks of saying that only a single account - belonging to a Bitcoin-related customer - was compromised in a breach, SendGrid CSO David Campbell said in a Monday blog that an investigation showed an “employee's account had been compromised…and used to access several of our internal systems on three separate dates in February and March 2015.”
The systems housed usernames, email addresses and "salted and iteratively hashed" passwords for the email service's customers and employees. SendGrid “took actions to block unauthorized access and deployed additional processes and controls,” Campbell wrote. As a precaution, the company implemented a password reset systemwide, he said, and requested that all “customers reset their passwords to all of their SendGrid account access points.”
The 600 customers that use custom DKIM keys should generate new keys through the SendGrid interface and update DNS records. Those customers will receive separate email instructions from the company.