Mimecast says hackers abused one of its certificates to access Microsoft accounts

Mimecast, a provider of email management software, said learned of the security incident from Microsoft.
Written by Catalin Cimpanu, Contributor
Image: Mimecast, Romain Morel

Mimecast, a company that makes cloud email management software, disclosed a security incident today, alerting customers that "a sophisticated threat actor" has obtained one of its digital certificates and abused it to gain access to some of its clients' Microsoft 365 accounts.

The London-based email software company said the certificate in question was used by several of its products to connect to Microsoft infrastructure.

The products that used this certificate include Mimecast Sync and Recover, Continuity Monitor, and IEP products, the company said in a message posted on its website earlier today.

Mimecast said that around 10% of all its customers used the affected products with this particular certificate; however, the "sophisticated threat actor" abused the stolen certificate to gain access to only a handful of these customers' Microsoft 365 accounts.

The email software provider put this number at under 10, describing it as a "low single digit number," and said that it already contacted all the affected customers.

To prevent future abuse, the company is now asking all other customers to "immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate [they] 've made available."

Mimecast said it's now working with a third-party forensics expert, Microsoft, and law enforcement to investigate how the certificate was compromised and its aftermath.

The London-based company said it learned of the incident from Microsoft after the tech giant detected unauthorized access to some accounts.

A Mimecast spokesperson would not comment if the security incident was somehow related to the recent SolarWinds supply chain attack.

Editorial standards