My SendGrid account was compromised and used to send over 60,000 spam emails. I did not authorize this activity, and I followed all security best practices: 2FA was enabled, API keys were revoked immediately, IP restrictions were put in place, and I submitted everything they requested — including multiple Root Cause Analyses (RCA).Despite this, SendGrid:Did not alert me during the abuse, only after charging my card for $624.33Allowed mass API abuse to continue even after I deleted all API keysRepeatedly ignored my RCA submissions, instead copy-pasting the same request from different support agentsUltimately refused to issue a refund or reinstate the account, blaming me for "not identifying the root cause" — despite finding no credential leaks on my endThis is a pattern of behavior designed to stall, deny responsibility, and shift blame onto the customer — even when the platform itself failed to prevent or detect massive unauthorized usage.I've since filed a formal credit card dispute and submitted complaints to the BBB and FTC. If you’re a developer or small business relying on SendGrid, be warned: if anything goes wrong, you’re on your own — and they’ll bill you for fraud they didn’t stop.
Claim your business profile now and gain access to all features and respond to customer reviews.
We take care of the messy telecom hardware and expose a globally available cloud API that developers can interact with to build intelligent and complex communications systems. As your app's usage scales up or down, Twilio automatically scales with you. You only pay for what you use - no contracts, no shenanigans.
