SmarterTools was breached by hackers exploiting a vulnerability in its own SmarterMail software through an unknown virtual machine set up by an employee that wasn’t being updated.

“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed throughout our network,” SmarterTools COO Derek Curtis noted in a Feb. 3 post. “Unfortunately, we were unaware of one VM, set up by an employee, that was not being updated. As a result, that mail server was compromised, which led to the breach.”

Network segmentation helped limit the breach, Curtis said, so the company website, shopping cart, account portal, and other services “remained online while we mitigated the issue. Non...