Their previous marketing mails were send using Amazon SES. Just like this one successfully signed with DKIM. Looks like the hacker had access to their Amazon SES credentials.
Their previous marketing mails were send using Amazon SES. Just like this one successfully signed with DKIM. Looks like the hacker had access to their Amazon SES credentials.