Yet another organization has announced that it has been affected by the SolarWinds hack, after email security firm Mimecast confirmed itself among the victims.
The company noted that the threat actors accessed account credentials held by certain customers based in the US and UK.
Mimecast added that it was not aware of the stolen credentials being decrypted or misused but is advising customers located in the affected countries to reset their credentials as a precautionary step.
The fallout continues
“As we previously shared, when Microsoft informed us about the compromise of a Mimecast-issued certificate used to authenticate a subset of Mimecast’s products, we advised affected customers to break and re-establish their connections with newly issued keys,” the Mimecast blog read.
“The vast majority of these customers have taken this action, and Microsoft has now disabled use of the former connection keys for all affected Mimecast customers. We also launched an internal investigation, supported by leading third-party forensics experts, and we are coordinating our activities with law enforcement. Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor.”
Mimecast was initially informed that it may have been targeted by the SolarWinds hackers by Microsoft, after the Redmond-based firm noticed that some of its self-issued authentication certificates were compromised. Around 10% of Mimecast’s customers are believed to be affected.
Mimecast can at least take some small comfort from the fact that it is far from the only firm to be targeted by the SolarWinds hackers. Among the higher-profile victims, Malwarebytes, FireEye, and Microsoft have all been impacted.
The SolarWinds breach was first discovered late last year and affected organizations based all over the world. It is unlikely that the admission from Mimecast will be the end of the SolarWinds story.
