CloudSEK Logo
December 22, 2022

Hardcoded API Keys of Email Marketing Services Puts 54M+ Mobile App Users at Risk

CloudSEK’s  BeVigil, the world’s first security search engine for mobile apps, uncovered about  50% of the analyzed (600) apps, leaking API keys of three popular transactional and marketing email service providers; Mailgun, MailChimp, and Sendgrid. Transactional email services reduce developer time, improve deliverability and reduce support issues.

Together these three email service providers command a sizable market share of the global individual and retail population.

Authors & Contributors

Vishal Singh
As a Vulnerability Research Engineer at CloudSEK, Vishal conducts penetration tests on client-side assets and reports discovered vulnerabilities.
Mayank Pandey
Godson Bastin
Benila Susan
Bablu Kumar
Bablu is a technology writer and an analyst with a strong focus on all things cybersecurity
Downloadable Report

Download the Report

Download the report by clicking below.
The Download will start immediately.
Download Now
Schedule a Demo

Join our newsletter

Sign up so that you don't miss any updates from us

Hardcoded API Keys of Email Marketing Services Puts 54M+ Mobile App Users at Risk

CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered about 50% of the analyzed (600) apps, leaking API keys of three popular transactional and marketing email service providers; Mailgun, MailChimp, and Sendgrid.

Download ReportSchedule a demo

CloudSEK’s  BeVigil, the world’s first security search engine for mobile apps, uncovered about  50% of the analyzed (600) apps, leaking API keys of three popular transactional and marketing email service providers; Mailgun, MailChimp, and Sendgrid. Transactional email services reduce developer time, improve deliverability and reduce support issues.

Together these three email service providers command a sizable market share of the global individual and retail population.