Email Incident 26th-27th May 2026

​

We confirm that an unauthorised third party obtained an access key that provided access to our email sending infrastructure.

 

We are aware that emails were sent from our infrastructure without our knowledge or authorisation during this period. We had no involvement in this activity.

 

No customer data or internal systems were accessed as part of this incident.

 

Incident Timeline

 

- May 20, 2026: Unauthorised access to our email sending infrastructure first obtained using a compromised access key

- May 21–26, 2026: Attacker conducted reconnaissance on our email sending configuration

- May 26-27, 2026 (Around 22:00 UTC): Unauthorised emails sent from our infrastructure

- May 27, 2026 (06:00 UTC - 08:00 UTC): Incident identified, access key immediately disabled and sending suspended

 

Root Cause

 

Our investigation into the precise method of compromise is ongoing.

 

Impact

 

Unauthorised emails were sent from our infrastructure between May 26 and May 27, 2026 in a very short time span. No customer data or internal systems were accessed as part of this incident. Sending was suspended and the compromised key revoked upon identification.

 

Mitigation and Containment Actions Taken

 

- Disabled and permanently revoked the compromised access key

- Rotated account credentials

- Rotated all email sending credentials

- Reviewed and audited all verified sending identities

- Implemented enhanced monitoring and alerting on sending activity

 

Preventative Measures

 

- Implemented least-privilege access controls on email infrastructure

- Deployed enhanced monitoring and alerting for anomalous API activity

- Conducting security awareness review for developer credential handling

 

We are reviewing our credential management practices across the organisation to prevent recurrence.