Mimecast, an email management company has disclosed an access breach, where a threat actor has stolen one of its digital certificates. This led the threat actor to use it for gaining access to Microsoft 365 accounts of some of its clients. Mimecast is investigating the incident and informing affected customers.
Using Stolen Digital Certificates to Access Office 365 Accounts
Mimecast, a London based firm that’s specialized in providing cloud-based email management, has disclosed a security incident today. In the notice posted, it revealed that “a sophisticated threat actor” has stolen one of its digital certificates.
The digital certificate in question was used by several products of Mimecast, like in Mimecast Sync and Recover, Continuity Monitor, and IEP products. Thus, anyone using any of those products may have potentially be breached. Mimecast mentioned the affected customers to be less than 10% of its total base.
It has also revealed that the threat actor has accessed Microsoft 365 accounts of a few of its customers, by abusing the stolen digital certificate. Thus, it’s now informing such affected customers, and asking them to
“immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate [they] ‘ve made available.”
It also said that it was informed by Microsoft initially about the incident when they had detected unauthorized access to some of its accounts.
While it’s unknown whether it’s related to the recent SolarWinds hacks in any way or not, Mimecast said it’s now informing the affected customers and is working with third-party forensics experts, law enforcement, and Microsoft to learn more about the incident.