the article talked about how the sendgrid accounts are real, and presume compromised.
I suspect that once the sendgrid account is compromised, they then send out these phishing emails, hoping to compromise _other_ sendgrid accounts to look for password overlap and/or keep the flow going.
I suspect that once the sendgrid account is compromised, they then send out these phishing emails, hoping to compromise _other_ sendgrid accounts to look for password overlap and/or keep the flow going.