Identity & Access
Jun 3, 2026
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
Disabled security setting in Microsoft 365 Android apps allows account takeover via authentication bypass.
Summary
A disabled security setting in Microsoft 365 Android applications (Word, PowerPoint, Excel) intended to protect authentication has left accounts vulnerable to widespread takeover attacks. Attackers can exploit this vulnerability to steal logins and access sensitive data across these applications. The flaw represents a critical gap in mobile app security controls affecting a widely used productivity suite.
Entities
Microsoft (vendor), Microsoft 365 (product), Word (product), PowerPoint (product), Excel (product), Android (technology)