Mimecast has announced that a certificate it issued has been compromised by a sophisticated threat actor.
This certificate was used by certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services.
Mimecast provides cloud cybersecurity services for email, data, and web, along with the archiving and continuity services that companies rely on to prevent compromise.
The news that one of its certificates has been compromised is therefore of concern to the affected clients.
The good news is that only around 10% of Mimecast’s customers used the affected connection.
“Of those that do, there are indications that a low single-digit number of our customers’ M365 tenants were targeted,” Mimecast said.
The company added that it has already contacted the affected customers to remediate the issue.
As a precaution, Mimecast asked these customers to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate the company has made available.
“Taking this action does not impact inbound or outbound mail flow or associated security scanning,” Mimecast said.
“We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.”