- Security
Email Security Best Practices: How To Keep Your Email Program Safe
Phil Adams
• 13 min read
- What's new
Mailgun Security Incident And Important Customer Information
Josh Odom
• 5 min read
This was originally posted on January 5, 2018.
On January 3, 2018, Mailgun became aware of an incident in which a customer’s API key was compromised and immediately began diagnostics to help determine the cause and the scope of impact.
At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application.
Mailgun has now completed its diagnostic of accounts that were affected and has notified each of the affected users. At this time, we believe less than 1% of our customer base was potentially affected. If you were not directly notified by Mailgun regarding this incident, then your account was not affected. We are engaging with a third-party security team to complete an additional audit of this incident to validate our findings.
Finally, we’d like to assure our customers and partners that we take security at Mailgun very seriously. We are using this as an opportunity to further evaluate the security of our platform to better serve and protect our customers. We will provide an update upon the completion of our investigation.
If you have any questions, please do not hesitate to contact security@mailgun.net. For media inquiries, please contact media@mailgun.net.
Questions You May Have
Who was affected?
Only a small subset of Mailgun accounts were impacted. We have directly notified all affected users. If you did not receive a notification email, your account was not among those affected.
What do I need to do to protect my account?
If you were notified that your account was affected, we advise that you do the following to protect your account from unauthorized access: 1) Rotate your Mailgun API keys (click here for more info on how this process works) 2) Change your SMTP username and passwords (this article shows you where to manage your SMTP credentials)
Was my account billing or credit card information compromised?
No. Customer payment information was not compromised.
Last updated on May 04, 2021
- Related posts
- Recent posts
- Top posts
- Security
Mailgun’s Active Defense Against Log4j
Adam Cole• 5 min read- Quick tips
How to Improve Holiday Supply Chain Communication with Email
Kasey Steinbrinck• 9 min read- For devs
What Is a RESTful API, How It Works, Advantages, and Examples
Natalie Hays• 13 min read- What's new
Email’s Not Dead Season 3 Is Finally Here
Thomas Knierien• 3 min read- Security
Vulnerability Management: Working With the Community To Patch Security Threats
Jesse Kinser• 7 min read- What's new
Easier and Faster Implementation with Our Updated SDKs
Chris Farmer• 3 min read- Email DIY
The Difference Between SMTP and API
Mary Dolan• 7 min read- Security
A Word of Caution For Laravel Developers
Nick Schafer• 4 min read- Security
Privacy Matters: Your Data Is Safe With Us
Darine Fayed• 5 min read
- What's new
InboxReady x Salesforce: The Key to a Stronger Email Deliverability
Mailgun Team• 5 min read- Email DIY
Become an Email Pro With Our Templates API
Sergey Chekluev• 8 min read- Best Practices
Google Postmaster Tools: Understanding Sender Reputation
Cameron Henry• 8 min read- Quick tips
Navigating Your Career as a Woman in Tech
Celeste Rance• 13 min read- Guides
Implementing Dmarc – A Step-by-Step Guide
Phil Adams• 11 min read- Best Practices
Email Bounces: What To Do About Them
Mailgun Team• 7 min read- What's new
Announcing InboxReady: The deliverability suite you need to hit the inbox
Mailgun Team• 5 min read- Events
Black History Month in Tech: 7 Visionaries Who Shaped The Future
Ron Davis• 13 min read- Best Practices
How To Create a Successful Triggered Email Program
Beatriz Redondo Tejedor• 11 min read- For devs
Designing HTML Email Templates For Transactional Emails
Mailgun Team• 4 min read
- What's new
InboxReady x Salesforce: The Key to a Stronger Email Deliverability
Mailgun Team• 5 min read- Guides
Implementing Dmarc – A Step-by-Step Guide
Phil Adams• 11 min read- What's new
Announcing InboxReady: The deliverability suite you need to hit the inbox
Mailgun Team• 5 min read- For devs
Designing HTML Email Templates For Transactional Emails
Mailgun Team• 4 min read- Security
Email Security Best Practices: How To Keep Your Email Program Safe
Phil Adams• 13 min read- Security
Mailgun’s Active Defense Against Log4j
Adam Cole• 5 min read- Best Practices
Email Blasts: The Dos And Many Don’ts Of Mass Email Sending
Mailgun Team• 8 min read- Quick tips
Email's Best of 2021
Kate Nowrouzi• 5 min read- For devs
5 Ideas For Better Developer-Designer Collaboration
Nicki Snyder• 10 min read- What's new
Mailgun Joins Sinch: The Future of Customer Communications Is Here
Mailgun Team• 4 min read
Always be in the know and grab free email resources!
No spam, ever. Only musings and writings from the Mailgun team.
By sending this form, I agree that Mailgun may contact me and process my data in accordance with its Privacy Policy.
sign up
It's easy to get started. And it's free.
See what you can accomplish with the world's best email delivery platform.