Monday.com removes feature after it was exploited in phishing attacks
Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was exploited by a threat actor to send phishing emails.
The “Share Update” feature allows users to share real-time updates, progress or important information with team members or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set automatic notifications for certain updates.
But a threat actor has now hijacked the feature to send bulk emails to recipients outside their own account, forcing monday.com to temporarily disable it.
No customer data was compromised
The company told BleepingComputer it had been made aware of phishing emails that appeared to come from its own email accounts. The emails were sent via SendGrid from the notifications@monday.com address and passed SPF, DKIM and DMARC authentication checks, because they genuinely originated from monday.com's mail infrastructure.
The messages pretended to be from the Human Resources department and asked recipients to acknowledge the organization’s “workplace sex policy” or provide feedback as part of an “Employee Evaluation 2024.”
In the body of the email was a link, shortened with a URL shortening service, that led to a phishing form hosted on formstack.com. Because the forms have since been deleted, we don’t know what information the attackers were looking for. We also don’t know how many of these emails were sent.
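Because these messages really were sent through monday.com's infrastructure, a clean SPF/DKIM/DMARC result alone could not have flagged them. The following Python triage function is an added illustration, not code from the article or from monday.com: it records the authentication verdicts but bases its decision on the campaign's content pattern (a trusted platform notification sender, an HR-themed lure, and a link hidden behind a URL shortener). The sample message, the notifier allowlist, the shortener hosts and the lure phrases are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the campaign; text and link are placeholders.
SAMPLE_EMAIL = """\
From: HR Department <notifications@monday.com>
Subject: Action required: Employee Evaluation 2024
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=monday.com; dkim=pass header.d=monday.com; dmarc=pass header.from=monday.com

Please acknowledge the updated workplace policy and complete your
Employee Evaluation 2024 here: https://bit.ly/placeholder-link
"""

AUTH_METHODS = ("spf", "dkim", "dmarc")
# Constructed lists: SaaS notification senders the organisation legitimately
# receives mail from, common URL-shortener hosts, and HR lure phrases.
SAAS_NOTIFIERS = {"notifications@monday.com"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
HR_LURES = ("employee evaluation", "workplace", "policy", "acknowledge")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def parse_auth_results(header: str) -> dict:
    """Extract spf/dkim/dmarc results from an Authentication-Results header."""
    results = {}
    for method in AUTH_METHODS:
        match = re.search(rf"\b{method}=(\w+)", header, re.IGNORECASE)
        if match:
            results[method] = match.group(1).lower()
    return results


def assess(raw_message: str) -> dict:
    """Score a message; an SPF/DKIM/DMARC pass is reported but never lowers the verdict."""
    msg = message_from_string(raw_message)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    authenticated = all(auth.get(m) == "pass" for m in AUTH_METHODS)
    addr = re.search(r"<([^>]+)>", msg.get("From", ""))
    sender = (addr.group(1) if addr else msg.get("From", "")).lower()
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hosts = {h.lower() for h in URL_HOST_RE.findall(body)}
    indicators = []
    if sender in SAAS_NOTIFIERS:       # mail really came via the platform
        indicators.append("saas_notifier_sender")
    if any(phrase in text for phrase in HR_LURES):
        indicators.append("hr_lure")
    if hosts & SHORTENER_HOSTS:        # destination hidden behind a shortener
        indicators.append("shortened_link")
    verdict = "suspicious" if {"hr_lure", "shortened_link"} <= set(indicators) else "clean"
    return {"authenticated": authenticated, "indicators": indicators, "verdict": verdict}
```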
“Unfortunately, a user abused this feature by sending a phishing message. We immediately suspended this user and removed the feature,” the company confirmed in a statement to the publication. “This feature does not connect to or access any data hosted on monday.com for any customer accounts or data. We have contacted and shared precautions with the email recipients of the phishing message.”
Monday.com is a major project management platform used by Uber, Canva, Coca-Cola and others.