The company said in a blog post that about 10% of its customers used such connections, but it did not provide an absolute number. According to Reuters, Mimecast has more than 36,000 customers.
Former NSA elite hacker Jake Williams said it was not possible to speculate on the impact until he knew what the certificate was provisioned for.
"Not sure what the impact is until we know what the certificate was specifically provisioned for," Williams, the owner of private firm Rendition Infosec, told iTWire in response to a query.
In its statement, Mimecast said that of the customers who used this connection, "there are indications that a low single digit number of our customers’ M365 tenants were targeted. We have already contacted these customers to remediate the issue".
The Mimecast statement comes a little more than a month after the cyber security firm FireEye disclosed on 9 December AEDT that it had been compromised and had its Red Team tools stolen.
Five days later, FireEye published details about attacks using malware which it called SUNBURST; it said this malware had been used to hit both private and public entities by corrupting the Orion network management software, a product of SolarWinds.
There has been no claim as yet of any connection between the SolarWinds incident and the Mimecast certificate compromise.
Mimecast said: "As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available.
"Taking this action does not impact inbound or outbound mail flow or associated security scanning.
"The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate."