<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

Mimecast Breach Bulletin: Vulnerability 01-26-21

Mimecast SolarWinds Vulnerability

On January 26th, 2020, Mimecast released an updated statement about the compromise first published on January 12th 2020.

Initially believed to be a targeted attack against a few select Mimecast customers, their follow-on investigation revealed a much wider attack surface. Mimecast was also able to conclude that this attack was the same threat actor behind the Solarwinds breach, which was the cause of their infection. The attackers were able to do following:

“The threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.”

Datashield and Mimecast are not aware of any of these credentials being decrypted and/or used. However, as a precaution, we are recommending clients reset these secrets to ensure they are not misused in the future.


If you have any questions or concerns reach out to us or start a chat.

Topics from this Article

Mimecast, News, Email Security, CVE

Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

The Difference Between Cybersecurity & Network Security

The Difference Between Cybersecurity & Network Security

Security Advisory Kaseya VSA

Datashield Security Advisory: