BleepingComputer reports that Monday.com, a widely used cloud-based project management platform, has had its "Share Update" feature removed after the feature was exploited to deliver phishing emails from the platform's email accounts, as disclosed by its customers earlier this week.
In the intrusions misusing the Share Update functionality, attackers purporting to be from "Human Resources" used the "[email protected]" email address to send messages seeking feedback for this year's employee evaluation or an acknowledgment of an organizational "workplace sex policy." The messages included links redirecting to phishing forms hosted on formstack.com. According to Monday.com, attackers were able to leverage Share Update by providing a list of email addresses that would receive notifications. The company has already suspended the user behind the exploitation.
"This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message," noted a Monday.com spokesperson.