Mailgun security incident and important customer information

Mailgun has now completed its diagnostic of accounts that were affected and has notified each of the affected users. At this time, we believe less than 1% of our customer base was potentially affected. If you were not directly notified by Mailgun regarding this incident, then your account was not affected. We are engaging with a third-party security team to complete an additional audit of this incident to validate our findings.

Finally, we’d like to assure our customers and partners that we take security at Mailgun very seriously. We are using this as an opportunity to further evaluate the security of our platform to better serve and protect our customers. We will provide an update upon the completion of our investigation.

If you have any questions, please do not hesitate to contact security@mailgun.net. For media inquiries, please contact media@mailgun.net.

Questions you may have

Who was affected?

Only a small subset of Mailgun accounts were impacted. We have directly notified all affected users. If you did not receive a notification email, your account was not among those affected.

What do I need to do to protect my account?

If you were notified that your account was affected, we advise that you do the following to protect your account from unauthorized access: 1) Rotate your Mailgun API keys (click here for more info on how this process works) 2) Change your SMTP username and passwords (this article shows you where to manage your SMTP credentials)

Was my account billing or credit card information compromised?

No. Customer payment information was not compromised.