The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, the same exploit used in the 2016 Dyn incident.
The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.
ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.
New tactics aimed at business executives and users are being used to reap greater reward from email based fraud, which continues to rise, researchers said.
The organization accidentally sent the names, email addresses, gender and professional information of users of its portal Agora in an email sent in August.