For Immediate Release

Microsoft Store Outlook Add-in Hijack Steals 4,000 Accounts

Summary

  • The AgreeTo add-in for Microsoft Outlook was hacked and turned into a tool for stealing credentials, affecting over 4,000 Microsoft accounts.
  • The hackers took over an abandoned domain that was previously linked to a legitimate add-in to serve a fake Microsoft login page within the sidebar of Outlook.
  • In addition to Microsoft credentials, the compromised add-in captured victims’ credit card information and banking security answers.
  • Microsoft removed the harmful add-in from its store after Koi Security, a security firm, discovered the attack, which they dubbed “AgreeToSteal.”
  • This incident is one of the first known cases of a harmful add-in being hosted directly on Microsoft’s own Marketplace, bypassing standard security measures.

Microsoft Store Add-in Attack Affects Thousands of Accounts

In a worrisome turn of events for Microsoft users, cybersecurity researchers have discovered a sophisticated supply chain attack that targets Outlook users through an add-in that appears to be legitimate. The AgreeTo Outlook add-in, which was once a trusted scheduling tool, was taken over by hackers who turned it into a mechanism for stealing credentials. Koi Security, the cybersecurity firm that discovered the breach, found that more than 4,000 Microsoft accounts were compromised before Microsoft removed the add-in from its store.

The scariest part of this attack is that it was carried out through Microsoft’s own Marketplace – a platform that users naturally trust when they download software extensions. The attackers didn’t have to fool users into visiting dodgy websites or opening harmful attachments. Instead, they took advantage of the existing installation base and trust that comes with a previously legitimate add-in, creating what security experts believe is one of the most successful phishing schemes aimed at Microsoft users in recent years.

How the AgreeTo Outlook Add-in Was Compromised

The attack, which researchers have dubbed “AgreeToSteal,” is a more advanced version of supply chain attacks that target productivity software. Instead of creating a malicious add-in from the ground up, the attackers found and exploited a vulnerability in the software distribution lifecycle – a legitimate but abandoned add-in with an existing user base. This method allowed them to get around Microsoft’s initial security screening process, as the add-in had already been vetted and approved for the Microsoft Store.

The Story Behind AgreeTo

Prior to the compromise, AgreeTo served as a scheduling assistant for Microsoft Outlook users. It made calendar management and meeting coordination easier, which led to its adoption by thousands of users. Microsoft initially signed the add-in’s manifest in December 2022, allowing it to be distributed through the official Microsoft Store.

AgreeTo, like many other productivity add-ins, asked for certain permissions to work properly, including the ability to read and modify email. These permissions would later prove disastrous when they fell into the wrong hands. The add-in loaded its functionality from a then-legitimate domain, “outlook-one.vercel.app”, which at the time hosted the real scheduling interface that users expected.

The creator of AgreeTo eventually stopped working on the project and, crucially, did not maintain control of the related domain. This created an ideal opportunity for attackers, who realized that the add-in was still available in the Microsoft Store even though its creator had abandoned it.

“The risk with add-ins is that what’s approved at submission time isn’t necessarily what runs inside Outlook at any given moment,” explained a Koi Security researcher. “In AgreeTo’s case, Microsoft signed the manifest in December 2022, pointing to outlook-one.vercel.app. That same URL is now serving a phishing kit, and the add-in was still listed in the store.”
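The quote above makes the practical point: the manifest is what gets signed, but the hosts named in it are what actually run in the sidebar, so an auditor needs to know which hosts an add-in loads from and how much mailbox access it holds. The following added example (not Koi Security’s or Microsoft’s tooling) parses an Outlook add-in manifest, collects every URL it references, and reports the permission level so that the hostnames can be checked for current ownership. The manifest it parses is constructed for illustration; only the outlook-one.vercel.app hostname comes from the article, and the publisher name, GUID and login domain are invented.

```python
"""Audit an Outlook add-in manifest: which hosts does it load code from, and how
much mailbox access does it hold? Added example; the sample manifest below is
constructed (only outlook-one.vercel.app is taken from the article)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace of the classic Office add-in manifest (OfficeApp element).
NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}

# Mail add-in permission levels, from least to most access.
PERMISSION_RISK = {
    "Restricted": 0,
    "ReadItem": 1,
    "ReadWriteItem": 2,
    "ReadWriteMailbox": 3,
}

SAMPLE_MANIFEST = """
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Publisher (constructed)</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Scheduling Helper (constructed)"/>
  <Description DefaultValue="Constructed sample manifest for the audit example"/>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <Requirements><Sets><Set Name="Mailbox" MinVersion="1.1"/></Sets></Requirements>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://outlook-one.vercel.app/taskpane.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteMailbox</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
  <AppDomains><AppDomain>https://login.example-publisher.invalid</AppDomain></AppDomains>
</OfficeApp>
"""


def audit_manifest(xml_text):
    """Return the permission level, its numeric risk, every hostname the
    manifest references, and any URL that is served over plain HTTP."""
    root = ET.fromstring(xml_text)
    urls = []
    # SourceLocation, icon and VersionOverrides URLs all sit in a DefaultValue
    # attribute, so one pass over every element catches them regardless of
    # which manifest section they live in.
    for el in root.iter():
        value = el.get("DefaultValue", "")
        if value.startswith(("http://", "https://")):
            urls.append(value)
    # AppDomains lists extra origins the task pane may navigate to.
    for dom in root.findall(".//o:AppDomains/o:AppDomain", NS):
        if dom.text:
            urls.append(dom.text.strip())
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    perm_el = root.find("o:Permissions", NS)
    permission = perm_el.text.strip() if perm_el is not None and perm_el.text else "Restricted"
    return {
        "permission": permission,
        "risk": PERMISSION_RISK.get(permission, 0),
        "hosts": hosts,
        "insecure_transport": [u for u in urls if u.startswith("http://")],
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(f"permission: {report['permission']} (risk {report['risk']})")
    print("hosts to verify ownership of:")
    for host in report["hosts"]:
        print(f"  {host}")
    if report["insecure_transport"]:
        print("plain-HTTP URLs:", report["insecure_transport"])
```

The hosts list is the part that matters for the AgreeTo scenario: an add-in with ReadWriteMailbox whose task pane is served from a host the publisher no longer controls is exactly the condition the quote describes, and re-running this over every manifest in a tenant’s deployed add-ins gives a concrete list of names whose registration and ownership an administrator can confirm.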

How Attackers Claimed the Abandoned Domain

The attack hinged on the abandoned domain that powered the add-in’s functionality. When the original developer stopped maintaining the project, they eventually let the domain registration lapse. Attackers monitoring for such opportunities claimed the domain, now possessing control over what content would be displayed whenever a user opened the AgreeTo add-in within their Outlook interface.

Turning a Legitimate Tool Into a Phishing Weapon

After the attackers took over the domain, they turned the previously harmless add-in into a clever phishing tool. Rather than providing the scheduling features that users were expecting, the hijacked domain started showing a convincing copy of Microsoft’s login page right in the Outlook sidebar. This phishing method was especially successful because the login prompt was shown within the trusted Microsoft Outlook application itself, removing many of the warning signs that users are usually trained to look for in phishing attacks.

The altered version of AgreeTo took advantage of the wide-ranging permissions it had already been given. As a legitimate add-in, AgreeTo had been granted permission to access email content and calendar data – permissions that stayed active even after the domain changed hands. These permissions enabled the attackers to keep their hold within victims’ Outlook accounts even after the first theft of credentials.

The Clever Phishing Method Employed

This attack was different from the usual phishing attempts because it was flawlessly integrated into the legitimate interface of Microsoft Outlook. Users were not redirected to external websites via dubious links. Rather, the phishing page was shown directly within the trusted Outlook setting, specifically in the sidebar where add-ins usually show their interfaces. This method significantly boosted the success rate of the phishing attempt, as users had little cause to doubt the legitimacy of a login prompt appearing within Microsoft’s own software.

Counterfeit Microsoft Login Page in Outlook Sidebar

When users opened the compromised AgreeTo add-in, they saw what looked like a standard Microsoft authentication prompt. The design was an exact replica of Microsoft’s actual login page, including the company’s logo, color scheme, and familiar layout. Users were told that they needed to authenticate to access the add-in’s features – a requirement so common that it didn’t raise many suspicions.

The fraudulent page asked for usernames and passwords, as well as extra security information under the pretense of verification needs. The request was made within Outlook itself, not a browser, so many typical phishing red flags like suspicious URLs or browser security alerts were missing. This made it much harder for even security-savvy users to spot the scam.

The Extent of Data Theft

Analysts at Koi Security were able to access the channel used by the attackers to exfiltrate data, and they found that the stolen data was far more extensive than they had initially thought. The attackers didn’t just steal Microsoft account credentials, but also a wide range of personal and financial data. This indicates that the attackers weren’t just interested in accessing Microsoft services, but were also planning to use the stolen data for identity theft or financial fraud in the future.

Microsoft Account Information

The main goal of the attack was to steal Microsoft account information, such as usernames and passwords. This information gave attackers the potential to access all of a victim’s Microsoft services, including Outlook email, OneDrive storage, Microsoft 365 applications, and any other services where the same login information might be used. For business users, this could potentially extend to corporate resources if proper security measures weren’t in place.

Credit Card Details

Not only did the phishing kit gather basic login details, but it also tricked users into submitting their credit card information under the guise of confirming their identity. The form requested full card numbers, expiry dates, CVV codes, and billing addresses. To make the request seem regular and reliable to victims who were used to keeping payment methods in their Microsoft accounts, the attackers styled their phishing form to look like Microsoft’s genuine payment verification process.

Security Questions and Answers

One of the more intrusive aspects of the attack was that victims were asked to provide answers to typical security questions used by banks. These included personal details like the maiden name of the victim’s mother, their first pet, the street they grew up on, and other answers typically used for security verification. By gathering these responses, the attackers were able to create detailed profiles that could be used to hack into financial accounts outside of the Microsoft ecosystem.

How the Cybercriminals Used the Stolen Data

The security experts from Koi Security saw the cybercriminals using the stolen data in real time during their inquiry. This live verification process enabled the criminals to swiftly identify which accounts could be further exploited. The investigators found signs of automated scripts being used to verify login information across different platforms, indicating that the cybercriminals were planning a larger attack, not just on Microsoft accounts.

The phishing kit was used to gather financial information, which was then organized and likely prepared for sale on the dark web. The researchers discovered that the stolen data was neatly categorized in databases, with flags indicating which accounts had been verified as active and which contained valuable additional information such as credit card details. This level of organization suggests a sophisticated operation with clear monetization strategies, rather than opportunistic hacking.

Microsoft’s Action After the Add-in Breach

As soon as Koi Security informed Microsoft about the attack, the company immediately removed the compromised AgreeTo add-in from its store. This quick action came after researchers showed that the add-in was stealing user credentials and financial information. However, it is still unclear how such a breach could happen on Microsoft’s official marketplace.

Discovery and Removal Timeline

Koi Security researchers first spotted the compromise during a routine security audit of Microsoft Marketplace add-ins in early February 2026. The security firm immediately set up a monitoring system to track the attack’s scope and alerted Microsoft’s security response team at the same time. Microsoft had finished their initial investigation and removed the add-in from their store within 24 hours of being notified.

Even though the response was swift, the add-in had been running in its compromised state for a number of weeks before it was detected. The attackers had systematically taken over the abandoned domain, changed the add-in’s functionality, and started to harvest credentials while keeping the appearance of normal operation. This stealthy approach let them gather thousands of compromised accounts before security researchers noticed the unusual behavior patterns.

“Microsoft’s handling of the lifecycle of approved add-ins has a significant security gap, as this incident illustrates,” said a senior cybersecurity analyst at Koi Security. “After an add-in has passed initial security checks, there is little ongoing verification to ensure that it continues to operate as originally intended, especially when the control of underlying domains changes.”

In response to this incident, Microsoft has pledged to strengthen their add-in verification process. New security measures are likely to include more frequent re-validation of add-ins, especially those that have not been updated in more than six months, and better monitoring of domain ownership changes for approved add-ins in the Microsoft Store.

Microsoft didn’t just stop at removing the harmful add-in. They also forced password resets for accounts that were found to be compromised during the attack. They also set up improved monitoring to detect any strange activity on accounts that had the AgreeTo add-in installed, even if those accounts weren’t confirmed as compromised in the data that the researchers found.

What this means for Microsoft Store Security

The AgreeTo compromise is an alarming development in supply chain attacks on Microsoft’s ecosystem. Despite Microsoft’s significant investment in securing its core services and applications, this incident shows that third-party integrations can still cause serious security issues, even on trusted platforms. The attack takes advantage of a basic trust relationship – the user’s belief that apps distributed through official channels have been thoroughly checked for security.

Security professionals caution that this is probably the start of a new pattern where hackers focus on neglected but still widely available software components. With thousands of add-ins available across Microsoft’s various platforms, and limited ongoing security verification for many of them, similar vulnerabilities may exist elsewhere in the ecosystem. The challenge for platform providers like Microsoft is balancing the benefits of a rich third-party software ecosystem against the security risks that such openness inevitably creates.

Related Supply Chain Attacks

The AgreeTo incident is not unique in its method. Similar supply chain attacks have been launched against browser extensions, mobile applications, and software libraries throughout the tech industry. What makes this incident especially noteworthy is that it is one of the first recorded cases of this attack method being successfully used against Microsoft’s tightly controlled add-in ecosystem. The strategy of taking over abandoned domains linked to legitimate software is growing in popularity as cybercriminals become more aware of the trust users have in established software from official outlets.

Microsoft’s Verification Process Weaknesses

The incident has revealed substantial weaknesses in Microsoft’s verification process for Marketplace add-ins. The main flaw seems to lie in the continuous validation of add-ins rather than in initial approval. Although Microsoft thoroughly inspects add-ins when they are first submitted, the company’s process for tracking changes in already-approved add-ins was insufficient in this situation. When the underlying domain changed hands, there was no automatic reassessment of the add-in’s security posture, enabling attackers to fundamentally change its functionality while keeping its trusted status in the Marketplace.

Steps to Take If You’ve Installed the AgreeTo Add-in

If you’ve ever installed or used the AgreeTo add-in for Outlook, you should take immediate steps to secure your accounts and personal information. Start by changing your Microsoft account password right away and enabling multi-factor authentication if you haven’t already. Then, review all recent activity on your account to look for any unauthorized access or suspicious behavior. Be sure to check your email forwarding rules in particular, as attackers often set these up to maintain access even after you change your password. If any of your financial accounts may have been compromised through the stolen security question answers, reach out to your financial institutions to put additional security measures in place and watch for any unauthorized transactions.

Commonly Asked Questions

As the investigation of this attack continues, users have been asking a lot of questions about their risk, what role Microsoft plays, and how to protect themselves in the future. The following responses address the most frequently asked questions about the AgreeTo add-in compromise, but the situation is still changing as more information comes to light. Microsoft has set up a dedicated support line for affected users who need help with account recovery and security reinforcement.

The Microsoft Security Response Center is currently conducting an audit of all add-ins available in the Microsoft Store, especially those that haven’t been updated in over a year. They are doing this to identify any other potential threats before they can be exploited, like the AgreeTo add-in. Until this review is complete, users should be extra cautious when installing or using Outlook add-ins, even those from the official store.

  • What other add-ins could be compromised?
  • How can I check what add-ins I currently have installed in my Outlook?
  • Is Microsoft notifying all affected users?
  • What information should I provide if I think I’m a victim?
  • Are business Microsoft accounts at more risk than personal accounts?

CyberSafe Solutions advocates for a zero-trust approach, even when dealing with applications from official sources. “The AgreeTo incident is a prime example of why users should be skeptical of every request for authentication or sensitive information, even when it seems to be coming from a trusted source,” explains their lead security analyst. “A legitimate application will rarely ask you to input your credentials again without a clear reason, like your session expiring or needing to access new permissions.”

How do I know if my Microsoft account was affected by this hack?

Microsoft is proactively reaching out to users whose information was found in the data set that was recovered by Koi Security researchers. However, this only includes accounts that the researchers were able to confirm were affected. If you’ve used the AgreeTo add-in but haven’t received a notification, you should still assume your account might be at risk. Signs of compromise include unexpected password reset emails, notifications of logins from unfamiliar locations, changes to security settings you didn’t make, or unfamiliar emails in your sent folder.

Review your account’s recent activity log through the Microsoft Account Security settings page to see if there’s been a potential compromise. This will show all recent logins with their associated locations and devices. Treat any activity you don’t recognize as a potential security breach. Be especially wary of any account recovery email addresses or phone numbers that may have been added without your knowledge, as attackers often add these to maintain access to compromised accounts.

Will changing my password keep attackers from accessing my account?

While changing your password is a good first step, sophisticated attackers often have additional ways to maintain access to your account even after you change your password. One common method is to create email forwarding rules that automatically send copies of some or all of your emails to an attacker-controlled email address. Another method is to create additional application passwords or authorized applications that can access your account independently of your password. To fully secure a potentially compromised account, you should review and remove any suspicious forwarding rules, check your account settings for any unfamiliar connected applications, and verify that your recovery contact information has not been changed.
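The forwarding-rule persistence described here (and in the “Steps to Take” section above) is something a mailbox owner or administrator can check mechanically rather than by eye. The following added example, which is not Microsoft’s tooling, takes the inbox rules of a mailbox in the JSON shape returned by the Microsoft Graph `messageRules` resource (`GET /me/mailFolders/inbox/messageRules`; Exchange Online’s `Get-InboxRule` exposes the same actions) and flags any rule that forwards or redirects mail outside the organization’s domains, raising the severity when the rule also hides the matched messages. The rule set and every address in it are constructed for illustration.

```python
"""Flag inbox rules that forward or redirect mail to external addresses, the
persistence technique described in the article. Added example; the rules
below are constructed in the shape of a Graph messageRules response and the
addresses are not real."""
import json

SAMPLE_RULES_JSON = json.dumps({"value": [
    {"id": "r1", "displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "AAMk-folder-newsletters", "stopProcessingRules": True}},
    {"id": "r2", "displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice", "password", "security"]},
     "actions": {"forwardTo": [{"emailAddress": {"name": "", "address": "collector@attacker.invalid"}}],
                 "markAsRead": True, "delete": True}},
    {"id": "r3", "displayName": "Copy to assistant", "isEnabled": True,
     "conditions": {},
     "actions": {"redirectTo": [{"emailAddress": {"address": "assistant@example.com"}}]}},
    {"id": "r4", "displayName": "Old forward", "isEnabled": False,
     "conditions": {},
     "actions": {"forwardAsAttachmentTo": [{"emailAddress": {"address": "x@attacker.invalid"}}]}},
]})

# Actions that send a copy of (or divert) a message somewhere else.
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
# Actions that keep the victim from noticing the matched message.
HIDE_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")


def external_recipients(actions, internal_domains):
    """List (action, address) pairs whose address is outside internal_domains."""
    found = []
    for key in FORWARD_ACTIONS:
        for recipient in actions.get(key, []):
            address = recipient.get("emailAddress", {}).get("address", "").lower()
            domain = address.rsplit("@", 1)[-1]
            if address and domain not in internal_domains:
                found.append((key, address))
    return found


def find_suspicious_rules(rules_json, internal_domains):
    """Return findings for every rule that forwards or redirects externally.
    Disabled rules are reported too: an attacker can re-enable them later."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in json.loads(rules_json)["value"]:
        actions = rule.get("actions", {})
        external = external_recipients(actions, internal)
        if not external:
            continue
        hides = [a for a in HIDE_ACTIONS if actions.get(a)]
        name = rule.get("displayName", "").strip()
        reasons = [f"{action} -> {address}" for action, address in external]
        if hides:
            reasons.append("also hides matched mail: " + ", ".join(hides))
        if len(name) <= 1:
            reasons.append("near-empty rule name")
        findings.append({
            "id": rule["id"],
            "name": name,
            "enabled": rule.get("isEnabled", True),
            "severity": "high" if hides or not name else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rules(SAMPLE_RULES_JSON, ["example.com"]):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"[{f['severity']}] rule {f['id']!r} ({state}): " + "; ".join(f["reasons"]))
```

A rule that forwards to a colleague inside the organization (r3) is left alone, while the one-character rule name on r2 combined with delete and mark-as-read is the classic shape of a rule planted to siphon password-reset and invoice mail without the owner seeing it; the same checks apply unchanged to rules exported from an on-premises Exchange mailbox.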

If you want to be completely sure that your Microsoft account is safe, you might want to do a “security reset”. This will cancel all the current authentication tokens and make all your devices and applications reauthenticate. It might be a bit of a hassle, but it will make sure that if the attackers have any secret ways to access your account, they will be wiped out. Microsoft lets you do this in the security settings of your account, where it says “Sign out everywhere.”

Will Microsoft pay back users who had financial info stolen?

It’s complicated. The laws about whether or not a platform provider is responsible for this kind of thing are different depending on where you live. Microsoft’s rules usually say they’re not responsible for apps made by other companies, even if you got them from the Microsoft store. But this is a special case, because the add-in was okay at first and then it turned bad. So it’s not totally clear who’s responsible. Microsoft hasn’t said they’re going to pay people back yet, but they are giving extra help to people who are trying to get their accounts back and make them more secure.

  • Financial losses should be reported to your bank or credit card company immediately
  • Document all unauthorized transactions for potential reimbursement claims
  • File reports with relevant consumer protection agencies in your country
  • Consider identity theft protection services if personal information was compromised

In similar past incidents involving other platforms, affected users have occasionally been offered complimentary subscriptions to identity protection services. While Microsoft hasn’t announced such measures for this specific incident, impacted users should monitor official communications for potential support offerings. The company’s primary focus currently appears to be on containing the breach, preventing similar incidents, and helping users secure their accounts rather than financial compensation.

Should you have suffered monetary damages due to this security breach, legal professionals advise keeping thorough records of all unauthorized activity, correspondence with Microsoft, and actions you’ve taken to protect your accounts. This information could be useful if you’re looking to get reimbursed, either directly from Microsoft or through consumer protection methods in your area.

Are supply chain attacks on Microsoft add-ins frequent?

Supply chain attacks on software components have skyrocketed in recent years, but documented instances specifically targeting Microsoft add-ins have been relatively uncommon until now. The AgreeTo incident is one of the first known instances of a malicious add-in being hosted directly on Microsoft’s official Marketplace. Prior supply chain attacks in the Microsoft ecosystem have generally targeted development tools, third-party libraries, or update mechanisms rather than add-ins distributed through official channels. This new attack vector is particularly alarming because it takes advantage of the high level of trust users have in Microsoft’s vetted marketplace.

What steps is Microsoft taking to improve security and prevent similar attacks?

Following the AgreeTo incident, Microsoft has revealed a number of security upgrades to their add-in verification and monitoring procedures. This includes more frequent re-verification of published add-ins, especially when underlying domains change ownership or when add-ins have not been updated for a long time. The company is also introducing improved runtime monitoring to detect when add-ins suddenly alter their behavior or start asking for unusual authentication credentials. Furthermore, Microsoft is considering new technical measures that would stop add-ins from showing authentication prompts that could be mistaken for legitimate Microsoft login screens.

Aside from these technical steps, Microsoft is updating its developer requirements to include keeping control of related domains and offering more clear information about changes in add-in ownership. Add-ins that are abandoned by their original developers will be subject to stricter review processes or may be taken off the Marketplace if developers do not respond to security verification requests. These policy changes are designed to tackle the underlying vulnerability that allowed the AgreeTo compromise.

Microsoft has also set up a special security task force to thoroughly review all current Marketplace add-ins, prioritizing those with extensive permissions or a large number of users. This proactive audit is designed to find any similar weaknesses before attackers can exploit them. The security team at Microsoft has said that this incident will lead to wider changes in how they handle security for third-party software across all their platforms.

  • Increased frequency of security checks on existing add-ins
  • Improved monitoring of suspicious authentication requests
  • Tighter rules for domain ownership and transfers
  • Thorough audit of all current Marketplace add-ins
  • Better user notifications about add-in permission requirements

For those worried about the security of add-ins, Microsoft advises regularly checking installed add-ins through Outlook’s manage add-ins feature and removing any that are not in active use. The fewer add-ins that have access to your account, the smaller your potential attack surface is. You should be especially wary of add-ins that ask for extensive permissions such as email read/write access or access to contact information, as these pose the greatest risk if they are compromised.

In conclusion, the AgreeTo incident is a stark reminder that even software from reputable sources requires careful consideration and ongoing vigilance. As platforms like Microsoft continue to expand their third-party ecosystems, both providers and users must adapt their security practices to address increasingly sophisticated supply chain attacks.
