Mimecast discloses Microsoft 365 SSL certificate compromise

silversurfer

Level 84
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,520
Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services.
Mimecast discovered that the certificate was compromised after recently receiving a notification from Microsoft.

"Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

While the exact number of customers who used the stolen certificate to secure the connection used for Microsoft 365 cloud synchronization server tasks was not disclosed, Mimecast says that roughly 10 percent of their customers "use this connection."
The company says that it currently has more than 36,000 customers, with 10% of them amounting to roughly 3,600 affected customers.