Sendgrid Key Breached on Bubble App

Hi Bubblers,

Recently I woke up to 185 emails. Very strange as I typically get 15/20 per day on this particular inbox.

It turns out someone had sent 60k emails through my Sendgrid account. It was one of those classic DHL tracking phishing emails. The 185 emails were autoresponses.

To get to the point, there are 2 places that the Sendgrid key is exposed.

The first is the Bubble Settings (when you connect a domain)
The second is in the plugin I am using by Copilot.

Sendgrid are currently looking into the case and I am awaiting a response.

I have since rolled the keys.

So, the breach was either in my Bubble account (through the exposed key in the db or a direct login) or through the Copilot plugin. These are the only 2 points in the world (if you discount a direct Sendgrid breach).

I have separated the keys now; this means if another breach occurs, I will be able to identify the exact point.

Any ideas on what I should do next?
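One thing the per-integration key split makes possible is spotting which key is being abused from the send volume alone. The script below is an added example, not code from the forum post, Bubble, Copilot or SendGrid. It assumes (my assumption, not stated in the post) that mail sent through each key is tagged with a distinct SendGrid category ("bubble-domain" for the key in the Bubble domain settings, "copilot-plugin" for the plugin key), so a category in the Event Webhook records identifies the key that produced it. The event records are constructed here in the shape of SendGrid Event Webhook JSON (email, event, timestamp, category); the values are made up for the demo, with a burst of 500 messages in five minutes tagged with the plugin's category.

```python
"""Per-integration send-burst detection over SendGrid-style event records.

Added example, not from the original post. Assumptions (not in the post):
- Each integration sends with its own API key AND tags its mail with its
  own SendGrid category, so "category" tells us which key was used.
- Records mimic the SendGrid Event Webhook shape; values are constructed.
"""
from collections import defaultdict
import datetime as dt

# Constructed baseline start: 2024-01-01 08:00 UTC (an exact hour boundary).
BASE = int(dt.datetime(2024, 1, 1, 8, 0, tzinfo=dt.timezone.utc).timestamp())


def _ev(ts_offset, category, event="processed", email="user@example.com"):
    """Build one constructed Event Webhook style record."""
    return {"email": email, "event": event,
            "timestamp": BASE + ts_offset, "category": [category]}


# Constructed sample: about one mail every 10 minutes from each integration for
# 12 hours, then 500 mails within 5 minutes tagged with the plugin's category.
SAMPLE_EVENTS = (
    [_ev(i * 600, "bubble-domain") for i in range(72)]
    + [_ev(i * 600 + 300, "copilot-plugin") for i in range(72)]
    + [_ev(12 * 3600 + (i % 300), "copilot-plugin",
           email=f"victim{i}@example.net") for i in range(500)]
)


def count_per_window(events, window_seconds=3600):
    """Return {category: {window_start: count}} for 'processed' events.

    Untagged mail is bucketed under "(untagged)" so that a key used outside
    the tagged integrations still shows up rather than vanishing.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.get("event") != "processed":
            continue
        cats = e.get("category") or ["(untagged)"]
        window = e["timestamp"] - (e["timestamp"] % window_seconds)
        for c in cats:
            counts[c][window] += 1
    return counts


def find_bursts(events, window_seconds=3600, factor=10, min_count=50):
    """Flag (category, window_start, count) for windows whose count is at
    least max(min_count, factor * median of that category's other windows).

    The median of the other windows is the per-key baseline; the absolute
    floor stops a low-volume key from being flagged on a handful of mails.
    """
    flagged = []
    for cat, windows in count_per_window(events, window_seconds).items():
        values = sorted(windows.values())
        for start, n in windows.items():
            others = [v for v in values if v != n] or values
            median = others[len(others) // 2]
            if n >= max(min_count, factor * median):
                flagged.append((cat, start, n))
    return sorted(flagged)


if __name__ == "__main__":
    for cat, start, n in find_bursts(SAMPLE_EVENTS):
        when = dt.datetime.fromtimestamp(start, dt.timezone.utc).isoformat()
        print(f"burst: {n} mails from integration '{cat}' starting {when}")
```

Run it and the only flagged window is the plugin-tagged one, which with separate keys points straight at the key to revoke first. Because SendGrid category tags are set by the sending code, a stolen key can of course be used with no category at all; that is why untagged mail is kept as its own bucket rather than dropped.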

That’s really strange and quite scary.

Can you keep us updated with what you find?

Yep, sure. Hopefully I can get to the bottom of it. Some more info: Sendgrid placed a banner on my account saying that it's not suspended but is under review. I imagine this is a default measure whenever an email account maxes out its usage and the reputation score starts to dive (I was at 99%, now currently 81%).