Mimecast, an email management company has disclosed an access breach, where a threat actor has stolen one of its digital certificates. This led the threat actor to use it for gaining access to Microsoft 365 accounts of some of its clients. Mimecast is investigating the incident and informing affected customers.
Using Stolen Digital Certificates to Access Office 365 Accounts
Mimecast, a London based firm thatโs specialized in providing cloud-based email management, has disclosed a security incident today. In the notice posted, it revealed that โa sophisticated threat actorโ has stolen one of its digital certificates.
The digital certificate in question was used by several products of Mimecast, like in Mimecast Sync and Recover,ย Continuity Monitor, and IEP products. Thus, anyone using any of those products may have potentially be breached. Mimecast mentioned the affected customers to be less than 10% of its total base.
Also Read- NSA and Microsoft Warned Users Of An Old Security Flaw
It has also revealed that the threat actor has accessed Microsoft 365 accounts of a few of its customers, by abusing the stolen digital certificate. Thus, itโs now informing such affected customers, and asking them to
โimmediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate [they] โve made available.โ
It also said that it was informed by Microsoft initially about the incident when they had detected unauthorized access to some of its accounts.
While itโs unknown whether itโs related to the recent SolarWinds hacks in any way or not, Mimecast said itโs now informing the affected customers and is working with third-party forensics experts, law enforcement, and Microsoft to learn more about the incident.