ADVERTISEMENT

Attackers abusing OAuth to maintain access long after passwords are reset

Hackers are exploiting a loophole to retain access to hijacked user accounts, even after password resets and multi-factor authentication are enforced. They do this by creating internal malicious web apps and issuing OAuth tokens to maintain persistent access.

OAuth
Ernestas Naprys
Ernestas Naprys Senior Journalist
Oct 21, 2025 3 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

A novel persistence mechanism

ADVERTISEMENT
Has my data been leaked?
  • SharePoint documents and collaborative content
  • OneDrive stored files
  • Teams messages and channel data
  • Calendar information
  • Organizational contacts
  • Other Microsoft 365 resources

ADVERTISEMENT