Monday.com removes feature after it was abused in phishing attacks

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.

The "Share Update" feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates. 

But a threat actor has now hijacked the feature to send out mass emails to people outside their account, leading to monday.com having to temporarily disable it.

No customer data compromised

The company told BleepingComputer it was made aware of phishing emails seemingly coming from its email accounts. The emails were sent via SendGrid, and were coming from the notifications@monday.com address. They passed SPF, DMARC, and DKIM authentications.

The messages pretended to come from the Human Resources department and asked the recipients to acknowledge the "organization's workplace sex policy" or submit feedback as part of a "2024 Employee Evaluation."

In the body of the email was a link, shortened with an URL shortener service, leading to a phishing form hosted on formstack.com. Since the forms have been removed in the meantime, we don’t know what kind of information the attackers were after. We also don’t know how many of these emails were sent.

"Unfortunately, a user misused this feature by sending a phishing message. We promptly suspended this user and removed the feature,” the company confirmed to the publication in a statement. "This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message."

Monday.com is a major project management platform, used by the likes of Uber, Canva, Coca-Cola, and others.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.