Post Mortem - NameCheap Feb 2023

On Sunday, Feb 12th, I received a suspcious message about a DHL delivery from Pretty odd, but I ignored. Later I received notification from NameCheap that there had been a compromise. As of 18:18UTC on 2/13 it’s still being investigated. Below are the emails headers of my message, which appears to be an authenticated message from Sendgrid. I would venture to guess that an API key was leaked. Certainly highlights the need to protect third-party access to such systems.


Planning for a DevOps Cycle Architecture Platform Engineering: Home for Platform Engineers. Includes a comprehensive tech library of stacks/solutions. Redhat Demo Central - Architectures for a wide range of cloud infrastructures and problems. Who Cares If It Scales - Avoiding pre-mature optimization. Statistics Github Release Download Stats: For public projects, perhaps useful to gauge how popular certain packages are - espcially if one is NOT collecting telemetry data directly from users.
Steve Miller BY-NC 4.0 | Rendered by Hugo | Subscribe