Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature

Dec 23, 2025 - 08:00
A cybersecurity firm has warned of a surge in attacks targeting Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorisation flow. The campaigns bypass multifactor authentication by tricking users into entering device codes on legitimate Microsoft login pages, granting attackers direct access without stealing passwords. Activity has reportedly increased since September 2025 and involves both cybercriminal and state-aligned groups. The company says the attacks enable data theft, lateral movement, and persistent access, and urges organisations to restrict device code authentication and strengthen user awareness.
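For defenders acting on the advice to restrict device code authentication, a useful first step is finding where the flow is already in use. The following is an added example, not code from the article or the firm it cites: it scans sign-in records for successful device code sign-ins outside an allowlist and marks those from an IP address the user has not otherwise signed in from. The field names (modelled on Entra ID sign-in log exports), the allowlisted app name and all sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records (not real data). Field names are modelled on
# Entra ID sign-in log exports and are an assumption; map them to your own schema.
SAMPLE_LOG = """\
{"createdDateTime":"2025-12-01T09:02:11Z","userPrincipalName":"alice@example.com","ipAddress":"198.51.100.10","appDisplayName":"Office 365 Exchange Online","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T09:40:52Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.77","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T07:30:00Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.20","appDisplayName":"Conference Room Display","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T08:01:00Z","userPrincipalName":"carol@example.com","ipAddress":"198.51.100.30","appDisplayName":"Microsoft Teams","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T08:15:00Z","userPrincipalName":"carol@example.com","ipAddress":"198.51.100.30","appDisplayName":"Microsoft Azure CLI","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T10:05:00Z","userPrincipalName":"dave@example.com","ipAddress":"203.0.113.80","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":1}}
"""

# Hypothetical allowlist: apps with a documented need for device code sign-in.
ALLOWED_DEVICE_CODE_APPS = {"Conference Room Display"}

def parse(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_device_code_signins(records, allowed_apps=ALLOWED_DEVICE_CODE_APPS):
    """Return successful device code sign-ins that are not allowlisted."""
    # Baseline: IPs each user succeeded from using any other sign-in method.
    known_ips = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] == 0 and r["authenticationProtocol"] != "deviceCode":
            known_ips[r["userPrincipalName"]].add(r["ipAddress"])
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue  # only completed device code sign-ins grant tokens
        if r["appDisplayName"] in allowed_apps:
            continue
        user = r["userPrincipalName"]
        findings.append({
            "time": r["createdDateTime"], "user": user,
            "app": r["appDisplayName"], "ip": r["ipAddress"],
            "new_ip": r["ipAddress"] not in known_ips[user],
        })
    # Review sign-ins from previously unseen IPs first, then by time.
    findings.sort(key=lambda f: (not f["new_ip"], f["time"]))
    return findings

if __name__ == "__main__":
    for finding in find_device_code_signins(parse(SAMPLE_LOG)):
        print(finding)
```

Every finding is a candidate either for the allowlist or for investigation; once legitimate use is inventoried, the flow can be blocked for everyone else.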