
Transactional messages with highly sensitive data


Hey there 👋

 

We're thinking about using Intercom for transactional messages instead of SendGrid. However we've run into a security issue that we haven't been able to solve yet.

 

If we send emails with highly sensitive data (for example a password reset code/link as mentioned in your blog post) then anyone in the team who can access Intercom messages could hijack the customer's account using that sensitive data. That is not acceptable.

 

Is there any way we can mark certain parts of the message as sensitive so that neither the Intercom UI nor any data API/export exposes them?

 

Thank you,

Marc

Best answer by Evan P 16 June 2022, 11:18

4 replies

Hey Marc, 👋 thanks for reaching out! I'm one of the Support Engineers here at Intercom! 🔧

 

This isn't something we currently offer within Intercom. Anyone with access to the message / conversation will have access to the sensitive data. I do wish I had better news for you.

 

I am going to include this in my monthly report to the product team for relevant features our customers are looking for. Would you want to share any more context about how this feature would be useful for your team? I'd be happy to include your use cases with this feedback for the team. 🙏

 

Also as a note, it's worth keeping an eye on the product changes page as we will announce any new releases to Intercom here!

 

 

Hey Evan, thanks for answering.

 

Use cases include:

  1. Verifying an email address (double opt-in for account creation, or converting a lead to a user, or newsletter sign-up)
  2. Log in by email link without password
  3. Password reset link
  4. Approval links for certain account actions

 

The use cases 2 & 3 would allow anyone in Intercom to hijack customer accounts by following the links themselves.

Basically anything where the email address is supposed to act as only authentication or as 2-factor authentication is at risk.

 

We thought about moving all transactional email to Intercom to have all customer communication in one place. However the issue above is one of two reasons that's not possible. And it doesn't make sense to use another system just for those sensitive exceptions. So we stick with SendGrid for the time being.

Hey @marc k12​ I really appreciate this feedback and your use cases are very insightful. I appreciate that currently our messaging capabilities don't fit your use case so I understand sticking with the one transactional messaging provider.

 

I'll pass this feedback along & if you do have any more questions you can always reach back out here if it is relevant or through the forum! Thanks! 😀

Hi @marc k12​ 

We at strac.io have solved the problem of any sensitive data not being present in Intercom tickets by building an automatic detection redaction solution. You can learn more about that here: https://www.strac.io/integrations/intercom

 

So, in your example: when password reset links OR verification of email address links are present in Intercom chats, Strac will automatically remove/redact/replace it with a different link that only your users can access and no one else.
