Microsoft Teams Security Breached through GIFS!

After Zoom looks like Microsoft Teams security just got cracked anonymously. Although Zoom was not secure at the time it was compromised, Microsoft Team’s security just got breached through some GIFS. Yes, you read it right hackers can get into your accounts by sending you graphic Images.

Introduction

In the wake of COVID-19 people have had the chance of working from home. Big corporations have been working hard to provide a full proof solution for people to conduct a meeting without getting disturbed. When everything started, Zoom was the first priority for people but it had Major Flaws which forced companies like Google, Tesla ordering employees not to use the software.

Since then services like Microsoft Teams, Google Meet have emerged in the market as a prior choice. These services provided the best solution as of yet. Since people are dependent on the software for keeping connected and up to date with people around, it has gained the attention of hackers for exploiting the vulnerabilities in the software to disrupt the meetings or get access to the accounts.

How was Microsoft Teams security compromised?

According to CyberArks Blog, there was a subdomain takeover vulnerability in Microsoft Teams. The hackers could have used a malicious GIF to scrape the user’s data and take over the entire organization’s rooster of Teams accounts. 

The attack is not that visible. A GIF will popup in your inbox which does its work in the background without you noticing it. It will take up all the credentials and take over the account. Further, the GIF will be sent to all of your team members compromising all of them. A demonstration of how the flaw could compromise your organization is given below.