Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Bought one of those cheap Microsoft 365 accounts off the internet. How might it pose a security risk to my computers that use the Microsoft 365 programs?

0
Medium
Security-newscybersecurityreddit
Published: 07/11/2026 (07/11/2026, 14:47:41 UTC)
Source: Reddit Cybersecurity

Description

This report discusses the security risks associated with purchasing cheap Microsoft 365 accounts from unofficial sources on the internet. The user describes receiving login credentials tied to a suspicious domain and setting up account details and two-factor authentication. Although the user accesses Microsoft 365 services through official Microsoft sites afterward, the initial interaction with a non-official domain raises concerns about potential data theft or misuse. No direct evidence of malware or compromise was observed by the user or their security software.

Reddit Discussion

r/cybersecurity·posted by u/CN8YLW
00

Hello. So this topic came up recently in discussions, and I never really thought about it till now, so I thought I'd at least look into it for peace of mind. Basically when I bought the account (lifetime subscription) I received a login and password to an email hosted at a domain called @.office365online.co (remove the first . as reddit's formatting keeps changing @ to u/ if I dont put it there). Upon login using Brave browser, I was asked to fill in the details such as name, company name, new password, recovery email as well as enable 2FA, which I set using my Windows authenticator. After that, the email and password were used to login to the official windows 365 site to download the programs and start using them. I have not logged into the office365online.co website or email server since, and any relogins has been done directly with Microsoft.

How much of a risk am I at here? I understand that the information given to the domain such as my name, company name and recovery email may be used and stolen for their needs, but what else is there I need to be worried about? This option was suggested to me by a friend who claimed to have been using it for years prior with no issues on her end with regards to Windows Defender, Malwarebytes and Norton flagging suspicious activity, and on my side I have no flags from Windows Defender and Malwarebytes as well.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/12/2026, 03:47:44 UTC

Technical Analysis

The threat involves the use of Microsoft 365 accounts obtained from unofficial, potentially fraudulent sources, specifically accounts linked to a suspicious domain (office365online.co). Users provide personal and company information and set recovery options on this third-party domain before accessing Microsoft services. This practice risks exposing sensitive information to malicious actors who control the initial domain, potentially leading to identity theft or unauthorized access. No technical exploit or vulnerability in Microsoft 365 itself is described. The risk stems from the account procurement method and associated data exposure.

Potential Impact

Potential impact includes theft or misuse of personal and company information submitted to the unofficial domain, which could lead to identity fraud or targeted attacks. There is no indication of direct compromise of the Microsoft 365 programs or the user's computer from the software itself. The user’s security tools did not detect malware or suspicious activity, but the trustworthiness of the account credentials and associated data is questionable.

Mitigation Recommendations

Avoid purchasing Microsoft 365 accounts from unofficial or suspicious sources. Use only legitimate Microsoft channels to obtain subscriptions. If such an account has been used, monitor for unusual account activity and consider changing passwords and recovery information on official Microsoft services. No official patch or fix applies as this is a risk from account provenance rather than a software vulnerability.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":35,"reasons":["external_link","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a530e4f68715ace43e47919

Added to database: 07/12/2026, 03:47:27 UTC

Last enriched: 07/12/2026, 03:47:44 UTC

Last updated: 07/12/2026, 11:17:29 UTC

Views: 11

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses