Most likely related to API keys in plaintext on apps? Are you fucking kidding me?
> CloudSEK's BeVigil research team uncovered that about 50% of apps on Google Playstore from 600 examined are leaking API keys of three email service providers – MailChimp, Mailgun, and Sendgrid.
This is beyond embarrassing. First because you try to put the blame on a third-party, even naming them before having the full picture. Second, because you don't even understand how clickbaity that article is when it mentions:
> According to the report, the mentioned platforms are used by such companies as Spotify, Uber, Airbnb, RazorPay, Slack, Reedit, and Stripe. The API key leak could potentially lead to the exploitation of users' data.
They have nothing to do with amateur apps storing sensitive keys in the app as opposed to on their own servers. What are you guys even doing over there what the actual fuck?
I received one of these phishing emails, today, and also Namecheap's follow-up/apology. The phony email purported to be from DHL, which really stood out.
Both emails were handled by Sendgrid, passing spf, dkim, and dmarc. They appear to use the same dkim selector, though I suppose that isn't so important--just that the headers were convincing enough.
E-mails are sent from namecheap.com and are using their e-mail template and their link redirecting system. Some of their infrastructure might be compromised.