[snehalvpatel86]

We deeply apologise for the concerns that our users have been experiencing due to the attack on BrowserStack. We have determined that the hacker's access has been restricted solely to a list of email addresses. As a precaution, we recommend changing your BrowserStack password.

We are still in the process of sanitisation, and making doubly sure this situation never reoccurs. We are on top of it, and will post updates as they happen. Thank you for your patience. BrowserStack will be back up in a few hours.

-Snehal@BrowserStack

[lenniez]

The mail was sent from Amazon SES. To be able to send email from your domain they had to verify it. TXT _amazonses.browserstack.com doesn't show any record for verification. How could the hacker that had solely access to a list of email addresses verify your domain?

[nodesocket]

Does anybody have the e-mail that was sent raw headers? Perhaps they sent the e-mails from code that calls out to Amazon SES?

[snehalvpatel86]

We will be sharing an entire post-mortem in the next few days. Currently, all our efforts are focused on getting the service up and running and to ensure our users’ interests are taken care of.

[jacquesm]

> and to ensure our users’ interests are taken care of.

Every time I see that line I know that 'users interests are not currently taken care of'. If it were you'd be taking the GP a bit more serious, he's supposedly one of those users you're trying to take care of. If all you're going to do here is to say 'nothing to see here folks and we're on top of it' then you might as well say nothing.

[ceejayoz]

That you're not saying "the passwords and other details mentioned in the email are bullshit" is concerning.