Email delivery service Mandrill has warned users that some email-related data may have been exposed after attackers accessed server data.
Data that may have been exposed includes internal logs about emails sent, including sender and recipient addresses but not custom metadata or the content of messages. “There’s not evidence that any customer data was queried or exported, but unfortunately we can’t completely rule out the possibility of access,” Brandon Fouts, general manager of Mandrill said in a blog post.
Those customers potentially affected are those who used Mandrill to send email between February 6th and March 10th and used Mandrill’s SMTP integration to send mail. Customers who used Mandrill’s SMTP integration should deactivate all API (application programming interface) keys and generate new ones as a precaution, Fouts wrote.