Malware - Was postman hacked?


#1

I received an email tonight in our accounts payable email address stating that we had an upcoming payment due. The url in the link was:
https://app.getpostman%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.com/pay/billing
Thing is, we don’t have a pro account, but our accounts payable email alias may be listed in your systems.
So I just wanted to give you guys a head’s up in case your systems may have been compromised.


#2

@cdukes Odd - can you contact us at help@getpostman.com (with the contents of the email)? We’ll take a look.


#3

Sorry for the delay. Yes. I got another one today and will forward the headers.


#4

@cdukes There was a stray newline in the email template which led to the malformed link. This has since been fixed. NO Postman systems were compromised at any point.