Monday.com discontinues a feature after it was exploited in phishing attacks.

Monday.com, a popular project management and collaboration tool, recently faced a cybersecurity incident that forced it to take action. The platform had to disable its “Share Update” feature following reports of abuse by a threat actor using it to conduct phishing attacks.

The “Share Update” feature on Monday.com was designed to allow users to share real-time information, progress updates, and important data with team members and stakeholders. This feature enabled users to post updates, attach files, mention team members, and set up notifications. Unfortunately, threat actors exploited this functionality to send out mass phishing emails to individuals outside the users’ accounts.

Reassurance: No customer data compromised

Despite the phishing attacks facilitated through the platform, Monday.com assured users that no customer data was compromised during the incident. The company learned about the misuse of its feature when phishing emails, purportedly from Monday.com email accounts, were detected. These emails, which appeared to be sent from [email protected] via SendGrid, passed the SPF, DKIM, and DMARC email authentication checks, so authentication results alone would not have marked them as suspicious.

The phishing emails posed as communications from the Human Resources department, prompting recipients to acknowledge workplace policies or provide feedback for an alleged “2024 Employee Evaluation.” The emails contained links shortened through URL shortening services, redirecting recipients to phishing forms hosted on formstack.com. The specific intentions of the attackers and the exact scope of the phishing campaign remain unclear due to the swift removal of the phishing forms.
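The following triage sketch is an added example, not code from Monday.com or from the original article. It shows why a message that passes SPF, DKIM, and DMARC still needs content checks: it scores the signals described above (HR lure wording, shortened links, externally hosted forms) separately from the authentication verdicts. The sample message, the `saas.example`, `recipient.example` and `short.example` domains, the keyword list and the two-signal threshold are all assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed indicator lists for illustration; tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "short.example"}  # short.example is constructed
FORM_HOSTS = {"formstack.com"}  # form host named in the article
HR_LURES = ("employee evaluation", "workplace polic", "human resources")

# Constructed sample message, not an email from the actual campaign.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=saas.example;
 dkim=pass header.d=saas.example; dmarc=pass header.from=saas.example
From: HR Team <notifications@saas.example>
To: user@recipient.example
Subject: Action required: 2024 Employee Evaluation
Content-Type: text/plain

Human Resources asks you to acknowledge the updated workplace policies:
https://short.example/a1b2c3
"""

def auth_results(msg):
    """Return the spf/dkim/dmarc verdicts recorded by the receiving server."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))

def host_in(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Score a message on content signals, independent of authentication."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    # Assumes undecoded text parts; encoded bodies would need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + "\n" + body).lower()
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    hosts = {urlparse(u).hostname or "" for u in urls}
    reasons = []
    if any(host_in(h, SHORTENERS) for h in hosts):
        reasons.append("shortened-link")
    if any(host_in(h, FORM_HOSTS) for h in hosts):
        reasons.append("external-form-host")
    if any(lure in text for lure in HR_LURES):
        reasons.append("hr-lure")
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    # A pass only confirms the sending platform; it never clears content signals.
    return {"authenticated": authenticated, "reasons": reasons,
            "suspicious": len(reasons) >= 2}
```

Calling `triage(SAMPLE)` reports the message as fully authenticated and still suspicious, which is the combination a mail filter that trusts authentication alone would miss.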

Following the discovery of the abuse of the “Share Update” feature, Monday.com took immediate action. The company suspended the user responsible for the phishing message and disabled the feature to prevent further misuse. Monday.com clarified that the feature’s suspension did not impact data stored on the platform or access to customer accounts. Moreover, the company proactively reached out to individuals who received the phishing emails to provide guidance on identifying and avoiding such scams.

The incident at Monday.com, which is used by prominent organizations like Uber, Canva, and Coca-Cola, highlights the importance of vigilance and swift response to cybersecurity threats in today’s digital landscape.
