City
Epaper

Over 54 mn users' data at risk via 3 popular email marketing apps

By IANS | Updated: December 19, 2022 16:40 IST

New Delhi, Dec 19 Three popular transactional and marketing email service providers Mailgun, MailChimp and Sendgrid ...

Open in App

New Delhi, Dec 19 Three popular transactional and marketing email service providers Mailgun, MailChimp and Sendgrid have put data of more than 54 million mobile app users at risk, including from India, a report claimed on Monday.

People in the US have downloaded these apps the most, followed by the UK, Spain, Russia, and India, leaving over 54 million mobile app users vulnerable, according to cyber-security firm CloudSEK.

CloudSEK's 'BeVigil', a security search engine for mobile apps, uncovered about 50 per cent of the analysed (600) apps on the Google play store, leaking API keys of three popular transactional and marketing email service providers; Mailgun, MailChimp, and Sendgrid.

An API (application programming interface) is a piece of software that allows applications to communicate with each other without any human intervention. An API key is a special identification used by users, developers, or calling programmes to authenticate themselves to an API.

"Leaked API keys allow threat actors to perform a variety of unauthorised actions such as sending emails, deleting API keys, and modifying two-factor authentication," said security researchers.

Mailgun provides email API services enabling brands to send, validate, and receive emails through their domain at scale.

"An API key leak would allow a threat actor to send emails, read emails, get simple mail transfer protocol (SMTP) credentials, get IP address and statistics, allow creating, accessing, and deleting Webhooks and retrieve mailing lists of customers and launch a phishing campaign," said the report.

Mailchimp is a transactional email service first introduced in 2001 and later launched as a paid service with an additional freemium option in 2009.

An API key leak in Mailchimp would allow a threat actor to read conversations, fetch customer information, expose email lists of multiple campaigns containing personal identifiable information (PII), authorise third-party applications connected to a MailChimp account, manipulate promo codes and start a fake campaign and send emails on behalf of the company.

In the case of SendGrid, a communication platform intended for transactional and marketing emails, an API key leak would allow a hacker to send emails, create API keys, control IP addresses used to access accounts.

"In modern software architecture, APIs integrate new application components into existing architecture. So its security has become imperative. Software developers must avoid embedding API keys into their applications and should follow secure coding and deployment practices," said CloudSEK.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor

Tags: indiagoogleNew DelhiWord on macThe new delhi municipal councilWho dgDelhi south-westMicrosoft incUs google & youtubeSk dua
Open in App

Related Stories

MumbaiUniversity of Bristol Chooses Mumbai for Its First Overseas Campus, Set to Open in September 2026

NationalRaksha Bandhan 2025: Now You Can Send a Rakhi to Your Brother in India Post's Waterproof Envelope — Here's How to Track Your Parcel

NationalGold in Dubai Cheaper Than India: Pricing, Rules, and Import Limits Explained

NationalIndia Spends ₹1.38 Lakh Crore Annually on Edible Oil Imports

International‘This Might Hit You Hard’: NATO Chief Mark Rutte's Warning to India, China, and Brazil Over Russia Ties Amid Ukraine War

Technology Realted Stories

TechnologySouth Korean President Lee calls for measures to curb fake news on YouTube

TechnologyDPIIT ieam visits Bengaluru to boost IoT and Deep-Tech innovation

TechnologyIndia's smartphone exports hit record $7.72 billion in Q1FY26, Apple leads with $6 billion

TechnologyIndia’s chip market poised to scale $110 billion by 2030

TechnologyQ1 Earnings Review: Brokerages give mixed outlook, earnings downgrade ratio drops