"It was pretty clear that somebody was intercepting our password reset emails," Daiger said. "I also didn't know it was possible with SendGrid to silently BCC all your outgoing emails elsewhere. I would have been a little more wary about using it if I had known that was a feature."
The attackers were foiled, however. Both of Chunk Host's customers used two-factor authentication, which requires the input of a one-time password to get access to their accounts.
Sign up for Computerworld eNewsletters.