by clon 3083 days ago
Why would employees need access to client API keys, as opposed to just client ID?

Furthermore, this seems to indicate that the API keys are not hashed. I would expect some bits of the API key to work as an identifier and the rest of the bits treated as secret material (properly hashed).

As a Mailgun customer, this is concerning.

2 comments

As a former Rackspace employee, I had access to every customer secret IN PLAIN TEXT through multiple web-based systems with a click of a button (i.e., business as usual).
Thanks for confirming this. I had my suspicions, especially after the last few years of using them and just seeing massive problems that seemed to be caused by the software at Rackspace.
Agreed. Super disappointed by this (cleartext details and the breach). Will be looking to move all services from Mailgun shortly.
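
The split described in the top comment (some bits of the key act as a lookup identifier, the rest is secret material stored only as a hash), sketched as an added example that is not from the thread or from any vendor's code. The key format, the in-memory store and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store: key_id -> (client_id, sha256(secret)).
# Only the digest is kept, so internal tooling or a database dump exposes
# identifiers and digests, never a usable key.
KEY_STORE = {}

PREFIX = "key"  # constructed prefix, not any vendor's real format


def _digest(secret: str) -> bytes:
    # Plain SHA-256 is adequate only because the secret is 256 random bits;
    # it would not be adequate for human-chosen passwords.
    return hashlib.sha256(secret.encode("ascii")).digest()


def issue_key(client_id: str) -> str:
    """Create a key, store only its digest, and return the full key once."""
    key_id = secrets.token_hex(8)        # public lookup identifier
    secret = secrets.token_urlsafe(32)   # secret material, never stored
    KEY_STORE[key_id] = (client_id, _digest(secret))
    return f"{PREFIX}.{key_id}.{secret}"


def verify_key(presented: str):
    """Return the client_id for a valid key, or None."""
    parts = presented.split(".")
    if len(parts) != 3 or parts[0] != PREFIX:
        return None
    _, key_id, secret = parts
    record = KEY_STORE.get(key_id)
    if record is None:
        return None
    client_id, stored = record
    try:
        candidate = _digest(secret)
    except UnicodeEncodeError:
        return None
    # Compare digests in constant time.
    return client_id if hmac.compare_digest(candidate, stored) else None
```

With this layout a support tool can show `key_id` to identify which key a customer is using, while the full key exists only in the response to `issue_key`.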