80% of Microsoft 365 accounts were hacked in 2022

60% of Microsoft 365 tenants have been succesfully hacked in 2022.

News

Reading time icon 3 min. read

Calendar icon Published on

by Flavius Floare 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • New research shows how fragile to hacking is Microsoft 365.
  • Microsoft Teams can be exploited by hackers in many ways.
  • There are still some steps you can make to protect yourself from being hacked.
microsoft 365 hacked 2022

A new study from the security company Proofpoint, shows that 81% of the Microsoft 365 Office accounts were hacked in 2022.

Even more, a staggering 60% of Microsoft 365 tenants suffered at least one successful account takeover incident in 2022.

Researchers at Proofpoint analyzed over 450 million malware attacks, over the second half of 2022, specifically targeting Microsoft 365 tenants.

They found out that Microsoft Teams is one of the ten most targeted sign-in applications, and almost 40% of targeted companies had at least one unauthorized login attempt to gain access to the company’s data.

You can see the top 10 most targeted apps in the second half of 2022, according to Proofpoint, below.microsoft 365 hacked 2022

40% of Microsoft Teams accounts had at least one hacking attempt in 2022

Microsoft Teams, the working space app, can be specifically abused by hackers.

Researchers at Proofpoint emulated all kinds of hacking scenarios that took advantage of Teams’ security gaps. They managed to target Teams with additional tabs for files, which allowed them to break through.

They could also easily place malicious URLs in chats, taking advantage of the fact that Teams doesn’t provide a visible URL bar.

Even more, researchers created a malicious website tab that pointed to a file. Teams then automatically downloaded the file to the user’s device, easily compromising an organization’s data and network.

Further, they also created malicious Microsoft Teams meetings, with corrupted links that would enforce a download of malware software.

Needless to say, Microsoft Teams can be easily weaponized against your company. It’s no wonder hackers target it specifically.

So what can you do to make sure your account, or organization, doesn’t get compromised? Proofpoint has a list of recommended actions that you should take to protect yourself from hackers and malware.

  1. Be aware: educate yourself and your organization to be aware of the risks when using Microsoft Teams.
  2. Secure your cloud: Identify the ones trying to hack your cloud environment. The sooner, the better, and the least unfortunate outcome.
  3. Secure your web environment: isolate potentially malicious links in Teams chats.
  4. Know when to limit access: especially when you’re the target, consider limiting its usage.
  5. Restrict the access of Teams to your team only: make sure your Teams services are internal only.

Microsoft is assuring users that Microsoft 365 has the best possible protection.

Regarding the findings made by Proofpoint, the Redmond tech giant has emphasized its Zero Trust Security program is more than capable of handling every hacking attack.

Have you ever experienced a hacking attack? Do you use Microsoft Teams? Let us know your experience with it in the comments section below.

More about the topics: Microsoft 365, Microsoft Teams

Flavius Floare

Flavius Floare Shield

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling. He's always curious and ready to take on everything new in the tech world, covering Microsoft's products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that's always ready to bring you the bleeding edge!