Bleeping Computer

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook ...
TechRadar

A popular Microsoft Outlook add-in has been hijacked to try and steal user accounts - here's how to stay safe

Abandoned Outlook add-in AgreeTo hijacked into phishing kit stealing Microsoft accounts Attackers stole 4,000 accounts, credit card data, and banking security answers Microsoft removed add-in; users ...
Computerworld

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, ...