Email security provider Mimecast disclosed a security incident in which “a sophisticated threat actor” compromised one of its digital certificates and used it to gain access to some of the company's clients' Microsoft 365 accounts.
In a statement posted on its website, Mimecast said that the hackers abused one of the certificates the company issued for its customers to safely connect Microsoft 365 Exchange to Mimecast services. The company said that it was informed of the compromise by Microsoft.
“Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted. We have already contacted these customers to remediate the issue,” Mimecast said.
The company did not provide details on when the incident took place, or how the attackers managed to gain access to the compromised certificate.
As a precautionary measure, Mimecast advised its customers using the certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate issued by the company.
“Taking this action does not impact inbound or outbound mail flow or associated security scanning,” Mimecast said.