Hackers Exploit Microsoft's Own Login System to Steal M365 Accounts

Cybercriminals exploit OAuth device codes to hack Microsoft 365 accounts, using phishing emails and fake logins undetected by security tools.
Content Team

Cybercriminals are using a clever new trick to break into Microsoft 365 accounts by abusing OAuth device codes—a legitimate Microsoft feature meant for smart TVs and similar devices. The scam works by sending phishing emails with fake document links that generate real device codes. Victims then enter these codes on Microsoft's actual login page at microsoft.com/devicelogin, unknowingly handing over account access to hackers.

Two main tools are driving these attacks: SquarePhish2 uses QR codes for mass campaigns, while Graphish creates fake login pages that steal both passwords and authentication tokens. By September 2025, these attacks became widespread, targeting everyone from corporate users to government officials.

Since the attack uses Microsoft's real authentication system, it's extremely hard to detect with traditional security tools.
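The flow itself still leaves a trace in the tenant's sign-in logs. As an added example (not from the original article or from the tools it names), the Python check below walks constructed Microsoft Entra ID sign-in records and flags device code sign-ins by accounts that are not expected to use that flow, since the article notes the feature exists for smart TVs and similar devices. Field names follow the Entra SigninLogs schema (authenticationProtocol is "deviceCode" for this grant); the sample records and the allow-list of room devices are hypothetical.

```python
import json

# Constructed sample Entra ID sign-in log records (not real data).
# "authenticationProtocol" is "deviceCode" when the OAuth 2.0 device
# authorization grant was used to obtain the token.
SAMPLE_SIGNIN_LOGS = [
    {"createdDateTime": "2025-09-10T08:02:11Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.7", "resourceDisplayName": "Microsoft Graph"},
    {"createdDateTime": "2025-09-10T08:05:40Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Microsoft Teams", "authenticationProtocol": "none",
     "ipAddress": "198.51.100.20", "resourceDisplayName": "Microsoft Teams Services"},
    {"createdDateTime": "2025-09-10T09:15:02Z", "userPrincipalName": "lobby-tv@example.com",
     "appDisplayName": "Microsoft Teams Rooms", "authenticationProtocol": "deviceCode",
     "ipAddress": "192.0.2.15", "resourceDisplayName": "Microsoft Graph"},
]

# Accounts that legitimately sign in through the device code flow
# (meeting-room hardware, signage). Hypothetical allow-list; build yours
# from the device inventory rather than from observed sign-ins.
EXPECTED_DEVICE_CODE_USERS = {"lobby-tv@example.com"}


def find_suspicious_device_code_signins(records, expected_users=EXPECTED_DEVICE_CODE_USERS):
    """Return device code sign-ins made by accounts not on the allow-list.

    A human mailbox completing the device code flow is the tell the article
    describes: the victim typed an attacker's code at microsoft.com/devicelogin.
    """
    hits = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if rec.get("userPrincipalName") in expected_users:
            continue
        hits.append({
            "time": rec["createdDateTime"],
            "user": rec["userPrincipalName"],
            "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"),
            "resource": rec.get("resourceDisplayName"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_device_code_signins(SAMPLE_SIGNIN_LOGS):
        print(json.dumps(hit))
```

In a real tenant the same filter maps to a SigninLogs query on authenticationProtocol, and Conditional Access can block the device code flow outright for users who have no business using it.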

Source: Cybersecurity News
