Breach, Channel partners, Content

Mimecast Certificate Compromised: What MSSPs Need to Know

A sophisticated threat actor has compromised a certificate used to authenticate Mimecast products to Microsoft 365 Exchange Web Services, according to a prepared statement. The compromise impacts Mimecast Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) users who leverage a certificate-based connection to Microsoft 365.

Approximately 10 percent of Mimecast customers may be affected by the compromise, the company said. However, Mimecast indicated that a low single-digit number of these customers' Microsoft 365 tenants may have been targeted.

Mimecast is asking affected customers to delete their existing connection within their Microsoft 365 tenant and establish a new certificate-based connection using the new certificate that the company has released. This action will have no impact on inbound or outbound email flow or security scanning.

In addition, Mimecast has notified affected customers to remediate the issue. Mimecast also is working with a third-party forensics expert to investigate the compromise and will work with Microsoft and law enforcement as needed.

A threat actor has compromised a certificate used to authenticate Mimecast Sync & Recover, Continuity Monitor & IEP to Microsoft 365 Exchange Web Services.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.