Cybersecurity company Malwarebytes said on Tuesday that some of its emails were breached by the same hackers who used the software company SolarWinds to hack into a series of U.S. government agencies.
Santa Clara, California-based company said that while it did not use software made by SolarWinds, the company at the center of the breach, it had been successfully targeted by the same hackers who were able to sneak into its Microsoft Office 365 and Microsoft Azure environments.
Malwarebytes said the hack gave the spies access to “a limited subset of internal company emails.” But it found no evidence of unauthorized access or compromise of its production environments – which could have had a potentially catastrophic impact because the company’s security products are used by millions of people.
“Our software remains safe to use,” the company’s statement said.
The SolarWinds hackers have previously been accused of stealing hacking tools from cybersecurity firm FireEye, accessing an unspecified number of source code repositories at Microsoft and hijacking digital certificates used by email defense firm Mimecast.
Cybersecurity firm CrowdStrike said late last month that it too had recently discovered an unsuccessful attempt to steal its emails. The company did not identify the hackers involved but two people familiar with its said they were the same suspected Russian hackers accused of breaching SolarWinds.