Mimecast dumps SolarWinds after hackers breached its network

The email security firm has confirmed that SolarWinds hackers gained access to a "limited number of our source code repositories"

Email security provider Mimecast has admitted that SolarWinds hackers managed to breach its networks and access source code repositories. 

In a statement, the company said that investigations have confirmed that hackers used the SolarWinds supply chain compromise to gain access to part of its production grid environment.

“Using this entry point, the threat actor accessed certain Mimecast-issued certificates and related customer server connection information,” the firm said.

Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. 

“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added.

Mimecast joins Microsoft in having source code accessed by SolarWinds hackers. Last month, Microsoft admitted that hackers had downloaded some source code for its Azure, Exchange, and Intune cloud-based tools.

Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers.  

The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.

These hackers used the certificate to “connect to a low single-digit number of our mutual customers’ Microsoft 365 tenants from non-Mimecast IP address ranges.”

Mimecast said that while evidence showed that this certificate was used to target only a small number of customers, it “quickly formulated a plan to mitigate potential risk for all customers who used the certificate”.

“We made a new certificate connection available and advised these customers and relevant supporting partners, via email, in-app notifications, and outbound calls, to take the precautionary step of switching to the new connection,” the firm said.

Since the incident, Mimecast has reset all affected hashed and salted credentials. It is also in the process of implementing a new OAuth-based authentication and connection mechanism between Mimecast and Microsoft technologies, “which will provide enhanced security to Mimecast Server Connections”.

“We will work with customers to migrate them to this new architecture as soon as it is available,” the company said in a statement. 

Mimecast has also confirmed that, as a result of the incident, it has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system. This makes it the first of the SolarWinds hack victims to publicly announce they're ditching the network monitoring platform for a competing product.
