
Monday.com is removing the Share Update feature that was used in phishing attacks.

Project management platform Monday.com has removed its Share Update feature after threat actors abused it in phishing attacks.

Monday.com is a cloud-based project management platform that enables teams to organize and manage their work using automated workflows and dashboards. The platform is used by 225,000 customers including Coca-Cola, Canva, LionsGate, Oxy, Compass and Zippo.


On Tuesday, Monday.com customers told BleepingComputer they were concerned the company was compromised after receiving phishing emails from their email accounts.

These emails were sent using SendGrid and came from [email protected], passing SPF, DMARC and DKIM authentication.

The phishing emails purported to be from a “human resources department” and asked users to either acknowledge the organization’s “workplace sex policy” or provide feedback as part of a “2024 employee review.”

A phishing email sent via Monday.com
Source: BleepingComputer

The emails contained links that used URL shorteners such as tinyurl.com and led to phishing forms on formstack.com. The forms associated with these phishing campaigns have now been disabled, so BleepingComputer does not know what information was collected.
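A triage sketch for the pattern described above, where mail passes SPF, DKIM and DMARC yet carries shortened links to hosted forms. This is an added example, not code from BleepingComputer or Monday.com; the authserv-id `mx.example.org`, the watchlist contents, the action names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own MTA
LINK_WATCHLIST = {"tinyurl.com": "shortener", "formstack.com": "form"}  # assumed, from the article
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message; every address and URL in it is made up.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce.example.net;
 dkim=pass header.d=example.net; dmarc=pass header.from=example.net
From: "Human Resources" <notify@example.net>
Subject: 2024 employee review

Please give your feedback here: https://tinyurl.com/constructed-sample
"""

def auth_verdicts(msg):
    """SPF/DKIM/DMARC results, read only from headers our own MTA stamped."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.lower().partition(";")
        if authserv.strip() == TRUSTED_AUTHSERV:
            for mech, result in AUTH_RE.findall(rest):
                verdicts.setdefault(mech, result)
    return verdicts

def flagged_links(msg):
    """(url, kind) for each link in a text part whose host is on the watchlist."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for url in URL_RE.findall(text):
                host = (urlparse(url).hostname or "").lower()
                hits += [(url, kind) for dom, kind in LINK_WATCHLIST.items()
                         if host == dom or host.endswith("." + dom)]
    return hits

def triage(raw):
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg)
    authenticated = all(verdicts.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    links = flagged_links(msg)
    # A pass identifies the sending platform; it says nothing about who wrote the body.
    action = "hold-for-review" if links else "pass-to-next-filter"
    return {"authenticated": authenticated, "links": links, "action": action}
```

Calling `triage(SAMPLE)` holds the message for review even though all three authentication checks pass, because the link verdict is evaluated independently of sender authentication.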

After BleepingComputer contacted Monday.com about the phishing attacks earlier this week, the company said today that the attacks were carried out via its “Share Update” feature.

“We have been made aware of misuse of a monday.com feature called Share Update, which allows users to share an update with someone who is not a member of their account,” a Monday.com spokesperson told BleepingComputer.

“Unfortunately, a user abused this feature by sending a phishing message. We immediately suspended this user and removed the feature.”

“This feature has no connection to the data hosted on monday.com or access to customer accounts or data. We have contacted the email recipients of the phishing message and advised them of precautionary measures.”

Monday.com says the threat actor abused this feature by entering a list of email addresses to send a notification to, which could include people outside of their organization.

When asked how many people received an email, the company declined to answer for security reasons, but said it had contacted all recipients to warn them about the phishing emails.

For those who have used the Share Update feature, Monday.com told BleepingComputer that the feature is currently under review and that the company cannot provide a timeline for when, or if, it will be restored.