Autodesk Email System Hacked
I just got an email from "noreply@autodesk.com", claiming to be from "opensea.io".
The email is domain-verified (for Autodesk.com) by Google, so it seems the Autodesk email system has been compromised.

Can confirm, I've got a DKIM passing email today asking me to sell my "Illuvium". DKIM auth result header:

> Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new);
> dkim=pass (2048-bit key) header.d=autodesk.com

For this DKIM-Signature:

> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com;
> h=from:subject:mime-version:list-unsubscribe:content-type:reply-to:
> cc:content-type:from:subject:to;
> s=s11; bh=...

MTA:

> Received: from ec2-3-8-140-122.eu-west-2.compute.amazonaws.com (unknown)
> by geopod-ismtpd-13 (SG) with ESMTP id n5WDORJ6Taauv7FuUNA9Ug

I wonder if just their DKIM selector got stolen or someone owned their AWS accounts as well?

Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc., so the mail server is definitely compromised. They seem to be using SendGrid. I pinged the CEO and CTO of Autodesk, the official Autodesk account and the SendGrid account on X about this, but now, more than 24h later, the attack is still ongoing and nobody seems to be giving a flying fuck about it.

I got a similar one from Autodesk, but it was about Magic Eden instead of OpenSea. I knew it was fake, but I still clicked the link to see how it could be on Autodesk (because the link showed an Autodesk URL). Of course, I did not connect my wallet or do anything else, I just looked at the page and then closed it. Am I in any danger?

I also got the same email an hour ago. noreply@autodesk.com with subject "New Alert!". At first I wondered why this OpenSea type scam email didn't automatically go into the spam folder; it turned out to be from a verified domain.

I contacted Autodesk on X, as well as the CEO and CTO, but nobody seems to care so far.

I've got two emails in the last hour from them as well. (Opensea.io noreply@autodesk.com) It's ridiculous that they're not reacting to this at all.
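
Added example (not part of the thread or of any poster's code): Python that parses the DKIM-Signature and Authentication-Results headers quoted above and extracts what a responder would check first: the signing domain, the DNS name of the selector's public key, From alignment, and header names repeated in h=. The function names are hypothetical, the header values are copied from the quoted comment (bh= stays elided), and the alignment check is a simplification that does no Public Suffix List lookup.

```python
import re

# Header values copied from the comment quoted in the thread; bh= is elided there.
DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com;\n"
    " h=from:subject:mime-version:list-unsubscribe:content-type:reply-to:\n"
    " cc:content-type:from:subject:to;\n"
    " s=s11; bh=..."
)
AUTH_RESULTS = (
    "spamfilter01.heinlein-hosting.de (amavisd-new);\n"
    " dkim=pass (2048-bit key) header.d=autodesk.com"
)


def parse_tags(value):
    """Split an RFC 6376 tag-list (tag=value; ...) into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def dkim_verdict(auth_results):
    """Return (result, header.d) for the dkim method of an Authentication-Results value."""
    m = re.search(r"\bdkim=(\w+)(?:\s*\([^)]*\))?\s+header\.d=([\w.-]+)", auth_results)
    return (m.group(1), m.group(2).lower()) if m else (None, None)


def triage(from_addr, dkim_sig, auth_results):
    """Summarise what the DKIM evidence on one message does and does not establish."""
    tags = parse_tags(dkim_sig)
    result, signer = dkim_verdict(auth_results)
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    signed = tags.get("h", "").lower().split(":")
    return {
        "dkim_result": result,
        "signing_domain": tags.get("d"),
        # DNS TXT name where the verifier fetched the public key (selector + d=).
        "key_record": f"{tags.get('s')}._domainkey.{tags.get('d')}",
        # Simplified alignment (assumption): From domain equals d= or is a subdomain of it.
        "aligned": from_domain == signer or from_domain.endswith(f".{signer}"),
        # Names listed more than once in h=; extra listings stop copies being added later.
        "repeated_in_h": sorted({h for h in signed if signed.count(h) > 1}),
    }


if __name__ == "__main__":
    print(triage("noreply@autodesk.com", DKIM_SIGNATURE, AUTH_RESULTS))
```

A pass with an aligned d= shows only that the message was signed with the key published at that selector record; it does not distinguish between the two possibilities raised in the thread.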