Cyber Alert: Microsoft Stream Classic Domain Compromised, Spreads Spam Across SharePoint


[Image: microsoftstream.com displaying a spam site]

Overview of the Incident

The legacy domain for Microsoft Stream, originally designed for enterprise video streaming, was maliciously redirected to a counterfeit Amazon page promoting a Thailand-based casino. This unexpected redirection plagued SharePoint sites where historical videos had been embedded using the outdated platform.

Background on Microsoft Stream

Microsoft Stream facilitates video sharing across Microsoft 365 applications, including Teams and SharePoint. By September 2020, Microsoft had decided to phase out the classic Microsoft Stream service and integrate it directly with SharePoint, and it recommended that users migrate their content to the new service by April 2024.

Details of the Domain Hijack

The classic domain, microsoftstream.com, was recently seized to host a phishing site imitating Amazon, which operates as a front for a Thai online casino. Changes to the domain were documented on March 27, 2025, suggesting unauthorized modifications had been made.

Impact on SharePoint Sites

SharePoint servers utilizing embedded videos from the classic domain were caught displaying spam content from the hijacked site. Here’s how a SharePoint administrator described the unsettling discovery:

  • Suspicious activities were reported by users encountering the rogue site through SharePoint’s intranet.
  • Further inspection confirmed that videos embedded from the now compromised microsoftstream.com led to spam displays.

Response and Actions Taken

Upon recognizing the breach, Microsoft acted swiftly to shut down the affected domain, blocking the spam content from appearing on SharePoint sites. Although the exact method of the hijack remains undisclosed, Microsoft gave assurances that measures were in place to prevent further misuse of the domain.

Security Implications

Fortunately, the hijackers did not escalate their misuse of the domain to spread malware or launch more damaging attacks. However, the incident raises substantial concerns regarding cybersecurity practices and the safeguarding of organizational assets.

Preventive Measures and Recommendations

Organizations are advised to accelerate the migration of their video content to the updated Microsoft Stream platform within SharePoint. Continuous monitoring and updating of DNS records are critical to defend against potential cyber threats.
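
One way to act on the migration advice is to inventory pages that still embed content from the classic domain. The following is an added example, not code from the original article or from Microsoft: it scans exported page HTML for URLs whose host is microsoftstream.com or one of its subdomains. The sample HTML, the `contoso` tenant name and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGACY_DOMAIN = "microsoftstream.com"    # classic Stream domain named in the article
URL_ATTRS = {"src", "href", "data", "poster"}

def is_legacy_host(url: str) -> bool:
    """True only if the URL's host is the legacy domain or one of its subdomains."""
    if url.startswith("//"):              # protocol-relative embed
        url = "https:" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:                    # malformed URL: nothing to report
        return False
    # Exact or dot-anchored suffix match, so lookalike hosts are not flagged.
    return host == LEGACY_DOMAIN or host.endswith("." + LEGACY_DOMAIN)

class EmbedFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []                    # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_legacy_host(value.strip()):
                self.hits.append((self.getpos()[0], tag, name, value.strip()))

def find_legacy_embeds(html: str):
    """Return every tag in the page that still points at the legacy domain."""
    finder = EmbedFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page (assumption: pages were exported to HTML beforehand).
SAMPLE_PAGE = """<div class="news">
<iframe src="https://web.microsoftstream.com/embed/video/EXAMPLE-ID"></iframe>
<iframe src="//MicrosoftStream.com/embed/channel/EXAMPLE-ID"></iframe>
<a href="https://contoso.sharepoint.com/sites/hr/stream.aspx?id=EXAMPLE">migrated</a>
<a href="https://microsoftstream.com.example.net/video">lookalike host</a>
<a href="https://notmicrosoftstream.com/video">lookalike host</a>
</div>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_legacy_embeds(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> -> {url}")
```

Matching on the parsed hostname rather than searching the raw text keeps lookalike domains and already-migrated SharePoint links out of the report.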



Last Updated: March 27, 2025