Overlay | VanRoey.be

Hackers visa OAuth API to access Office 365 accounts

Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on email

OAuth (Open Authorization) is an authorization protocol that allows you to log in to another server, website or cloud portal using an existing login. A well-known example of this is logging in via your Google or Facebook account. For example, in the case of mobile apps. Microsoft uses this same open standard to allow other cloud services to connect to Office 365. For example, a Dropbox account that is synchronized with OneDrive or new Facebook posts that are written in an Excel document.

A blessing for users or hackers?

Despite the ease of use, there are also dangers: not all applications are equally transparent about the access rights obtained. Moreover, users appear to be nonchalant in granting access, so it should come as no surprise that there are more and more reports of affected users. This is also the case with Office 365 customers: on the Internet you can find numerous examples of Outlook users where e-mails were encrypted.

Screenshot hacked Outlook mailbox

Turn off ‘Application Consent by Users’ our advice!

Hackers have clearly changed the gun from shoulder to shoulder. In order to gain access to our valuable data, they no longer extract login data, but try to connect to malicious applications. For example, with Office 365 users. Our advice? As an administrator in Azure Active Directory, please enable ‘Application Consent by Users‘ off. As a result, end-users can no longer grant new rights to third-party applications. An action that also recommended by Microsoft.

Disabling this option has no effect on existing applications or on the operation of your Office 365 environment.

Is your Office 365 managed by us?

Then you can rest assured: this option has already been pre-emptively deactivated for all our customers. If you, as an admin, still want to enable this function again, we recommend that you first use the ‘Admin Consent Workflow‘ configurable so that new connections can first be approved by an administrator.

If you have any questions about this message, don't hesitate to contact us in time. contactable.

“Hackers have clearly changed the gun from shoulder to shoulder. To access our precious data, they no longer extract our login details, but try to connect through malicious applications.”

Written by:

Tom Hufkens
Marketing Manager

He started his career at VanRoey.be in 2008, first as a Retail Manager for many years and then made the switch to marketing a few years ago.

Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on email

Related info