Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. “In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added. Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers. The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.