HACKER Q&A
📣 richrichardsson

Has Brevo (formerly SendInBlue) been compromised?


I've been trying to figure out how it was that 20k crypto-bullshit spam messages have been "loaded by proxy" on my account.

I've made sure 2FA is enabled, I've made sure no other logins are active in my account, but still every time I delete an API key from the admin panel a new one reappears a few minutes later.

I can't understand how this is happening unless they themselves have been compromised.

Waiting for 2 hours so far for a response from their support.


👤 viraptor Accepted Answer ✓
If you've double-checked that logout/invalidation doesn't help, you could try the Twitter support... "Does anyone know a security contact at Brevo? #infosec" That's usually a good way to turn some heads.

👤 brevo_official
Hi there, we appreciate your diligence in keeping us informed about potential security breaches, and we are happy to address your concerns. After thoroughly investigating the matter, we can confidently assure you that there has been no security breach at Brevo. The issue mentioned in this thread appears to be isolated and specific to this case.

If you have any further questions or concerns regarding this matter, please do not hesitate to reach out to us on contact@brevo.com. We are here to provide any additional information and support you may need. Thanks and have a great day, your Brevo team


👤 viraptor
> I can't understand how this is happening unless they themselves have been compromised.

There may be some nuance between "been compromised" and "have a bug where not all sessions are invalidated". (As in, can anyone's account be compromised, or do they need a legit first login to keep coming back?)


👤 elbayvan
Did you check the logs of your account in the dashboard? Can you see the email sent?