Microsoft Stream Domain Hijacked: SharePoint Sites Flooded with Spam

A Major Security Breach Exposes Microsoft’s Legacy Service

A significant security incident has surfaced involving Microsoft Stream’s legacy domain, microsoftstream.com, which was hijacked to display a fake Amazon website promoting a Thai online casino. This unexpected breach caused embedded videos in SharePoint to be replaced with spam, raising concerns about security loopholes in Microsoft’s domain transition processes.

Microsoft Stream, a video streaming service integrated into Microsoft 365 applications like Teams and SharePoint, originally allowed organizations to embed video content via microsoftstream.com. However, with Microsoft’s decision to deprecate the classic Stream service, organizations were required to migrate their videos to SharePoint by April 2024.

What Happened?

On March 27, 2025, WHOIS records showed a modification in the domain registration, suggesting either a hijack or an unauthorized DNS change. The hijacked domain redirected users to a malicious website posing as Amazon; in reality, it was a phishing page leading to a Thai gambling site.

Key timeline of events:

  • September 2020: Microsoft announces the deprecation of Microsoft Stream Classic.
  • April 2024: Deadline for organizations to migrate video content to SharePoint.
  • March 27, 2025: microsoftstream.com is hijacked, showing a spam site.
  • Same day: SharePoint admins report the issue on Reddit after noticing spam instead of videos in their sites.
  • Later that day: Microsoft takes action to shut down the hijacked domain.

Microsoft has not disclosed how the domain was hijacked but assured that it has taken steps to prevent further misuse. Fortunately, the attackers did not attempt more harmful actions like malware distribution or credential theft through fake software updates.

What Undercode Say: The Bigger Picture Behind the Breach

This incident is more than just an isolated domain hijacking; it exposes deeper issues in cloud service security, DNS management, and corporate cybersecurity policies. Here’s a breakdown of why this matters:

1. The Danger of Forgotten Domains

When companies transition from one platform to another, old domains often become a low priority for their owners, which makes them easy to hijack. If not properly decommissioned or monitored, attackers can repurpose them for malicious activities, as seen here.

2. DNS Security Must Be Strengthened

Whether this was a domain hijack or a DNS misconfiguration, it highlights the importance of stronger domain protections. Microsoft, despite being a tech giant, had a crucial domain compromised—implying that security practices around expired or deprecated domains need improvement.

3. SharePoint’s Unexpected Vulnerability

The impact on SharePoint servers is a reminder that even trusted platforms can be compromised through external dependencies. Many organizations unknowingly embed content from third-party services, assuming long-term reliability. When these services fail or get hijacked, their websites become vehicles for spam, phishing, or worse—malware delivery.
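One way to find such dependencies before they are abused is to scan exported page HTML for embeds served from retired domains. The following is an added example, not code from Microsoft or from the original report; the function names, the tag list and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Retired embed sources. microsoftstream.com is from the article; add your own.
RETIRED_DOMAINS = {"microsoftstream.com"}

# Tag -> attribute pairs that pull remote content into a page.
EMBED_ATTRS = {"iframe": "src", "script": "src", "embed": "src",
               "video": "src", "source": "src", "object": "data"}


def is_retired_host(host, retired=RETIRED_DOMAINS):
    """True if host equals a retired domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in retired)


class EmbedFinder(HTMLParser):
    """Collects (tag, url) for each embed served from a retired domain."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(EMBED_ATTRS.get(tag, ""))
        # urlsplit also handles protocol-relative URLs (//host/path).
        if url and is_retired_host(urlsplit(url).hostname):
            self.findings.append((tag, url))


def find_retired_embeds(html):
    finder = EmbedFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page content, not taken from a real site.
SAMPLE_PAGE = """
<div><iframe src="https://web.microsoftstream.com/embed/video/EXAMPLE-ID"></iframe>
<iframe src="//microsoftstream.com/embed/EXAMPLE-ID"></iframe>
<iframe src="https://contoso.sharepoint.com/_layouts/15/embed.aspx?id=1"></iframe>
<script src="https://microsoftstream.com.cdn.example/player.js"></script>
<a href="https://web.microsoftstream.com/video/EXAMPLE-ID">old link</a></div>
"""

if __name__ == "__main__":
    for tag, url in find_retired_embeds(SAMPLE_PAGE):
        print(f"{tag}: {url}")
```

The host comparison is exact or by subdomain suffix, so a lookalike such as microsoftstream.com.cdn.example is not reported, and plain links are ignored because they do not load remote content into the page.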

4. Microsoft’s Response Raises Questions

While Microsoft acted quickly to shut down the rogue domain, its lack of transparency raises concerns.

  • How did attackers gain control?
  • Why wasn’t the domain protected after the migration deadline?
  • Were any organizations actually compromised beyond spam exposure?

Without detailed answers, cybersecurity experts remain concerned about similar incidents occurring in the future.

5. The Potential for More Severe Attacks

In this case, the attackers only displayed a spam site, but what if they had gone further?

  • Malware distribution: Fake security updates could have infected corporate devices.
  • Credential harvesting: A cloned Microsoft login page could have stolen employee credentials.
  • Supply chain attack: SharePoint content could have been used to inject malicious scripts into company portals.

Given the scale of organizations using Microsoft 365, such an attack could have been catastrophic.

Fact Checker Results

  • Microsoft’s Response: Microsoft has acknowledged the issue but has not provided details on how the hijack occurred.
  • Impact Scope: Only organizations with embedded videos from the classic Microsoft Stream were affected.
  • Security Implications: While no malware was reported, this incident highlights the risks of deprecated domains and weak DNS security.

This event is a clear reminder that corporate cybersecurity is only as strong as its weakest link—and forgotten digital assets can become major threats. Organizations must remain vigilant, ensuring that migrated or decommissioned domains are properly secured, monitored, or retired.

References:

Reported By: https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/