ADVERTISEMENT

Temp Mail leaves systems wide open

Temp Mail, a popular disposable email provider, left its systems publicly open for over three months, risking potential breaches and large-scale malware spread.

Temp Mail data leak

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jun 14, 2023 Updated: 15 June 2023 3 min read
  • Temp Mail is a popular disposable email service provider with more than 10M app installations on Android alone.
  • A publicly accessible environment file (.env) exposed the company’s sensitive credentials.
  • Using leaked data, threat actors could’ve potentially accessed internal systems, manipulated or deleted crucial data, mimicked the company to spread malicious malware, and hijacked the official communication channel.
  • Cybernews contacted Temp Mail, and the company fixed the issue.

Access to internal systems

.env file
Leaked environment file. Image by Cybernews
ADVERTISEMENT
  • API keys for internal services
  • Android and iOS App Store issuer private keys
  • Google Firebase credentials
  • SendGrid API keys
  • AWS secrets

Possibility for large-scale malware spread

Hijacking official communication channels

Staying safe

ADVERTISEMENT