Monday.com removes feature after it was abused in phishing attacks

Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.

The "Share Update" feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates.

But a threat actor has now hijacked the feature to send out mass emails to people outside their account, leading to monday.com having to temporarily disable it.

No customer data compromised

The company told BleepingComputer it was made aware of phishing emails seemingly coming from its email accounts. The emails were sent via SendGrid, and were coming from the notifications@monday.com address. They passed SPF, DMARC, and DKIM authentications.

The messages pretended to come from the Human Resources department ...