Signal
Hijacked Outlook add-in reportedly used to steal 4,000+ Microsoft credentials
Published 2026-02-11 17:45 UTC
Updated 2026-02-11 21:53 UTC
phishing, credential_theft, supply_chain, microsoft, outlook, malicious_addin
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
Limited source diversity in top sources.
Overview
Two security news outlets report on research from Koi Security alleging a supply-chain style compromise of a Microsoft Outlook add-in: an attacker took control of a domain tied to an abandoned legitimate add-in and used it to present a fake Microsoft login flow, resulting in large-scale credential theft.
Entities
Microsoft, Koi Security, Microsoft Outlook, AgreeTo
Score total: 1.01
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
- Multiple outlets are amplifying Koi Security’s findings
- Reports describe in-the-wild activity with a quantified credential-theft impact
Why it matters
- Shows how trusted Outlook add-ins can be abused for credential phishing
- Highlights risk from abandoned add-ins and takeover of associated domains
- Stolen Microsoft credentials can enable broader account compromise
LLM analysis
Topic mix: low
Promo risk: low
Source quality: medium
Recurring claims
- Koi Security says an attacker claimed a domain linked to an abandoned legitimate Outlook add-in and used it to serve a fake Microsoft login page.
- The hijacked AgreeTo Outlook add-in was reportedly used as a phishing kit to steal more than 4,000 Microsoft account credentials.
How sources frame it
- The Hacker News: neutral
- BleepingComputer: neutral
Reports describe a domain-takeover style supply-chain abuse of an Outlook add-in leading to credential phishing.
All evidence
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
bleepingcomputer_all · bleepingcomputer.com · 2026-02-11 21:53 UTC
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
thehackernews · thehackernews.com · 2026-02-11 17:45 UTC
Posts loaded: 0. Publishers: 2. Origin domains: 2. Duplicates: -
Top publishers (this list)
- bleepingcomputer_all (1)
- thehackernews (1)
Top origin domains (this list)
- bleepingcomputer.com (1)
- thehackernews.com (1)