Hacker News

Just because a blog post was written on the CEO's account doesn't mean the CEO wrote it. PG has said they think it's a fake, and a blog post on the site is consistent with that.

I'm not sure I agree, but still.




How realistic is it really that Sendgrid's official Facebook, Twitter, blog, and status site were all compromised simultaneously?


If you compromise the Gmail account of the person that controls all of them, quite realistic.


Honestly, if an email service provider gets hacked on all public channels due to an email password being hacked, you should probably factor that into decisions about what email service provider to use.


The weakest link is always the user.

In the event that an account was compromised, I'd put money on it being 100% due to a naive user.


Which makes me wonder why everybody races to sign up for ancillary services like Mailbox which just open up additional vectors of attack on people's most-sensitive account.


Maybe because they like the app more than they fear identity theft.


But how realistic is it that there would be no statement at all from the company about the accounts being compromised?


Pretty realistic. Compromises tend to be pretty far-reaching because often the weakest points are single points of failure for many systems (email accounts especially).


Hmm, given that one of those is compromised, I'd say it's more likely that the rest are as well--Bayesian reasoning and all that. (Yeah, I don't actually know much about probability :P.)

People share passwords all the time. Also, if somebody's computer or email account was compromised, chances are that would also give up the credentials for all of the sites.


Their blog at least is running WordPress, from wordpress.com. It's possible that they did get compromised somewhere since all of the things seem to be external to them that they did get compromised and they weren't entirely aware of it right away because of the DDoSing. I can't imagine though that they can't have heard of this by now and aren't trying to do something about it if it's fake.


It's quite realistic. Or rather, the possibility that SendGrid's official Facebook, Twitter, blog, and status site all use the same password is quite realistic, and if that's the case then you only have to compromise one site to get them all.


They most likely share the same password so that multiple SendGrid employees can post to each of the pages.



