Details on Misconfigured Kubernetes NodePorts
Twilio SendGrid experienced a misconfigured Kubernetes network policy that exposed internal data on several cluster node hosts, including private DKIM keys used for digitally signing emails. The exposure occurred because a Redis cache cluster was publicly accessible without authentication. Twilio's security team identified and mitigated the issue within hours of receiving the report through their Bug Bounty Program. To mitigate further risk, Twilio is rotating exposed DKIM keys automatically for customers with automatic domain authentication configurations and recommending manual key rotation for those with manual security configurations. The incident highlights the importance of regularly reviewing and updating security configurations to prevent similar misconfigurations in the future.
Company
Twilio
Date published
July 7, 2021
Author(s)
Security
Word count
1288
Language
English
Hacker News points
None found.