Security News > 2021 > March > Mimecast Says SolarWinds Hackers Stole Source Code

Mimecast Says SolarWinds Hackers Stole Source Code
2021-03-17 12:20

Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack, and revealed that the threat actor managed to steal some source code.

Mimecast was one of the several cybersecurity companies to confirm being targeted by the hackers who breached the systems of IT management solutions provider SolarWinds.

The tech giant had noticed that a certificate used by Mimecast customers to authenticate certain products with Microsoft 365 services had been compromised.

The hackers obtained encrypted service account credentials created by customers in the US and UK. These credentials, which are used for connections between Mimecast tenants and on-premises and cloud services, do not appear to have been decrypted or misused.

"We have no evidence that the threat actor accessed email or archive content held by us on behalf of our customers," Mimecast said in an incident report published on Tuesday.

"We believe that the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service. We found no evidence that the threat actor made any modifications to our source code nor do we believe that there was any impact on our products," Mimecast said.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/nRQiSBAdGaI/mimecast-says-solarwinds-hackers-stole-source-code

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215