Mimecast have announced that one of their authentication certificates used by Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor“. Mimecast secure emails for customers using email services such as Microsoft 365. Users can apply Mimecast’s security services to their emails by creating a connection to Mimecast’s server.
The Mimecast certificate that has been compromised is used to authenticate and verify the connection made to Mimecast’s Continuity Monitor, Sync and Recover, and Internal Email Protect (IEP) services.
Mimecast have remain relatively silent on the matter but a spokesperson said, “our investigation is ongoing and we don’t have anything additional to share at this time. All updates from Mimecast will be delivered through our blog.”