Another day, another hack
A threat actor compromised a Mimecast certificate used to authenticate several of the company’s products to Microsoft 365 Exchange Web Services, the email security vendor disclosed Tuesday.
Mimecast said the compromised certificate was used to authenticate its Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365.
The company has asked customers using this certificate-based connection to Microsoft 365 to immediately delete the existing connection within their Microsoft 365 tenant. Customers should then re-establish a new certificate-based connection using a new certificate that Mimecast has made available, according to Mimecast.
“The security of our customers is always our top priority,” Mimecast said in a statement issued Tuesday morning US time.
“We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.”
From the type of certificate likely compromised to the impact of this hack on Mimecast’s email security rivals to whether the attack is tied to the massive SolarWinds breach, here are five of the most important things to know about the Mimecast hack.