Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc, so the mail server is definitely compromised.
They seem to be using SendGrid. I pinged the CEO and CTO of Autodesk, the official Autodesk account and the SendGrid account on X about this, but now, more than 24h later, the attack is still ongoing and nobody seems to be giving a flying fuck about it.
I also got the same email an hour ago. noreply@autodesk.com with subject "New Alert!". At first I was wondered why this OpenSea type scam email didn't automatically go into the spam folder, turned out to be from a verified domain.
Can confirm, I've got a DKIM passing email today asking me to sell my "Illuvium". DKIM auth result header:
> Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new); > dkim=pass (2048-bit key) header.d=autodesk.com
For this DKIM-Signature:
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com; > h=from:subject:mime-version:list-unsubscribe:content-type:reply-to: > cc:content-type:from:subject:to; > s=s11; bh=...
MTA:
> Received: from ec2-3-8-140-122.eu-west-2.compute.amazonaws.com (unknown) > by geopod-ismtpd-13 (SG) with ESMTP id n5WDORJ6Taauv7FuUNA9Ug
I wonder if just their DKIM selector got stolen or someone owned their AWS accounts as well?
Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc, so the mail server is definitely compromised.
They seem to be using SendGrid. I pinged the CEO and CTO of Autodesk, the official Autodesk account and the SendGrid account on X about this, but now, more than 24h later, the attack is still ongoing and nobody seems to be giving a flying fuck about it.
I also got the same email an hour ago. noreply@autodesk.com with subject "New Alert!". At first I was wondered why this OpenSea type scam email didn't automatically go into the spam folder, turned out to be from a verified domain.
I contacted Autodesk on X, as well as the CEO and CTO, but nobody seems to care so far.
I've got two emails in the last hour from them as well. (Opensea.io noreply@autodesk.com)
It's ridiculous that they're not reacting to this at all.