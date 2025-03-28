An old Microsoft Stream domain was recently hijacked

Many SharePoint sites with embedded videos displayed the malicious content

Microsoft quickly addressed the issue, so users should update now

A retired Microsoft domain was hijacked and used in a spam campaign, experts have warned.

Microsoft used to have an enterprise video-sharing platform called Stream, where organizations could securely upload, manage, and share video content. In April 2024, it was retired and replaced by Microsoft Stream on SharePoint.

The key difference is that the videos were no longer stored separately in the Stream platform, but rather on OneDrive and SharePoint, to make them more accessible through Microsoft 365 tools such as Teams, Yammer, or PowerPoint.

Monitor your credit score with TransUnion starting at $29.95/month TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools. Preferred partner (What does this mean?)

"Appropriate action"

Today, almost a year after the migration, news came out that the legacy domain - microsoftstream.com - was hijacked and used to display a fake Amazon site advertising a Thai casino.

The biggest issue with this attack is that all SharePoint sites with old embedded videos were displaying the spam on their premises.

BleepingComputer found a number of users complaining about the takeover on Reddit:

"This afternoon, a user reported a suspicious website on our intranet, that is using microsoftstream.com. After some analysis, it turns out the domain is currently redirecting to a sketchy website signed by 'Ibiza99'," one user said. "Here's an interesting one for you all. I just got a call that our SharePoint site was showing spam instead of embedded videos. Interesting, I thought. I wonder how that could happen," another one added.

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

No further information about the attack was shared, but Microsoft was soon notified about the change and it moved quickly to remedy the problem, stating, “We are aware of these reports and have taken appropriate action to further prevent access to impacted domains".

Apparently, the old domain could have been in more sinister campaigns, distributing malware through fake software updates, for example. However, good news is that the attackers opted for the least harmful thing - a spam campaign.