> CloudSEK's BeVigil research team uncovered that about 50% of apps on Google Playstore from 600 examined are leaking API keys of three email service providers – MailChimp, Mailgun, and Sendgrid.

This is beyond embarrassing. First because you try to put the blame on a third party, even naming them before having the full picture. Second, because you don't even understand how clickbaity that article is when it mentions:

> According to the report, the mentioned platforms are used by such companies as Spotify, Uber, Airbnb, RazorPay, Slack, Reddit, and Stripe. The API key leak could potentially lead to the exploitation of users' data.

They have nothing to do with amateur apps storing sensitive keys in the app as opposed to on their own servers. What are you guys even doing over there? What the actual fuck?
The target domain is https://links.namecheap.com which goes to https://iterable.com/
DKIM-signed
Seems to be either DHL or MetaMask.
What concerns me a lot, being a customer, is that they have been compromised for a couple of days already without taking proper action: https://twitter.com/polmesegue/status/1623628920636559361
Both emails were handled by Sendgrid, passing SPF, DKIM, and DMARC. They appear to use the same DKIM selector, though I suppose that isn't so important--just that the headers were convincing enough.
My first thought was “I guess MetaMask are trying to monetise”. Took me a minute to realise it wasn’t legit.