Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service.
In a post published on Tuesday, the company said that the certificate was used by about 10 percent of its customer base, which—according to the company—numbers about 36,100. The “sophisticated threat actor” then likely used the certificate to target “a low single digit number” of customers using the certificate to encrypt Microsoft 365 data. Mimecast said it learned of the compromise from Microsoft.
Certificate compromises allow hackers to read and modify encrypted data as it travels over the Internet. For that to happen, a hacker must first gain the ability to monitor the connection going into and out of a target’s network. Typically, certificate compromises require access to highly fortified storage devices that store private encryption keys. That access usually requires deep-level hacking or insider access.