Google accidentally links to a third-party website like the Microsoft Office Portal, putting businesses using it at risk

Companies using Microsoft Office 365, the online version of office automation services, have faced security issues following errors in Google. among search results ‘Office’ and ‘Office 365’As the first option there was a web page that had nothing to do with the official Microsoft portal.

Employees who clicked on this first result that search engines gave and entered their credentials could have passed them on to third-party companies that have no affiliation with Microsoft. The flaw has been uncovered by Spanish cyber security company Tarlogic and is found in a hyperlink that it believed should redirect Office 365 sign-in page.

The Office 365 sign-in results were taken to a third-party page.

At the time this article is being written, by clicking on this option, The link leads to a website that does not load, so it is understood that it has been blocked so that it does not harm more users. As spokespersons for Google and Microsoft explained to yesterday morning, their internal teams were investigating the situation, although they did not disclose the number of people affected or the reasons for the failure.

It infected about 50 million devices.

The website to which the search result was redirected ‘go Daddy’, one of the largest domain registration services. While there is no evidence that what happened was caused by a cyberattack, it should be noted that cloning official pages is often a widely used tactic in cybercrime.

“The direct consequences of this situation, if there are users who do not realize the problem caused by Google, will trigger multiple failures log in In the GoDaddy panel, Office 365 is sending authentication data to this website”, the Tarlogic researchers elaborated.

According to the cybersecurity company, “this could have a huge impact, because Those credentials are usually exactly what will be used to authenticate both with personal accounts and in the internal services of the companies in which they operate, such as VPNs or other corporate applications”.

The attack was stopped immediately.

Tarlogic believes the problem may be due to the existence of a collaboration agreement between GoDaddy and Microsoft, so that anyone who first registers a domain with the company can automatically access Office 365 and Outlook services. be able to configure. this, coupled with GoDaddy has a good rank in the Google search engine, Because of this it could have been placed in the search results earlier.

Sign up for our newsletter and receive the latest tech news in your email.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button