Microsoft 365 Copilot Flaw Let Hackers Steal Data in One Click


A single click on a trusted Microsoft link could let attackers steal emails, calendar details, and files from Microsoft 365 Copilot. Researchers found a three-bug chain called SearchLeak that bypasses traditional security tools.

A single click on a link that looked like it came straight from Microsoft could have handed attackers your emails, calendar details, and files stored in Microsoft 365 Copilot Enterprise Search. That's not a hypothetical risk anymore. Researchers at Varonis Threat Labs uncovered a chain of three bugs they call SearchLeak, and it's a wake-up call for anyone using AI-powered search tools in their business.

Here's the scary part: the malicious link pointed to a real microsoft.com domain. So even if you're careful about phishing, traditional URL filters and anti-phishing tools would have missed it entirely.

The attack worked because Copilot Enterprise Search indexes everything across your tenant—emails, Teams chats, SharePoint files, you name it. An attacker who got you to click could pull all that data out without raising alarms.

### The Three-Bug Chain

The researchers found three separate vulnerabilities that, when combined, created a one-click exfiltration path:

1. A flaw in how Copilot handles search queries.
2. A misconfiguration in the authentication flow that let attackers bypass normal checks.
3. A response that didn't properly validate the user's identity for certain indexed content.

Chain them together, and you've got a way to steal MFA codes, sensitive emails, and even password reset links.

### How It Works in Practice

Imagine you get an email that looks like a routine Microsoft notification. You click a link, and it takes you to a legitimate microsoft.com page. But behind the scenes, that page executes a search in Copilot on your behalf. Because the search runs with your permissions, it can access everything you can. The attacker then receives a copy of the results—no need for complex malware or phished credentials.

- The link uses a real Microsoft domain, so it passes spam filters.
- The attack requires no user credentials—just a single click.
- The exfiltrated data includes emails, calendar events, and indexed files.
- MFA codes and password reset links are also vulnerable if they're in your inbox.

### What This Means for You

This isn't just a technical curiosity. If you're a business relying on Microsoft 365 Copilot, you need to take this seriously. The bugs have been reported to Microsoft, but patching alone isn't enough. You need to think about how you configure search permissions and what data is indexed. The attack surface is huge because Copilot indexes everything by default.

### Protecting Yourself

Here are a few steps you can take right now:

- Review your Copilot search permissions. Limit what data is indexed to only what's necessary.
- Educate your team about this type of attack. Even a link from a trusted domain can be dangerous.
- Use conditional access policies to require MFA for all Copilot interactions.
- Monitor for unusual search patterns in your Microsoft 365 logs.

The key takeaway? AI tools are powerful, but they also create new attack vectors. Don't assume that a trusted domain means a safe link. Stay vigilant, and keep your security settings tight.
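The last step above, monitoring for unusual search patterns, is the one that catches an attack like this after a user has already clicked. The script below is an added example written for this article; it is not Varonis's or Microsoft's code and does not use Microsoft's real audit-log schema. It assumes a simplified record shape (`time`, `user`, `client`, `query`) and an allowlist of known Copilot client surfaces, both of which are assumptions you would replace with your tenant's actual log fields. The sample records are constructed. It flags two things the article's scenario would produce: a burst of searches from one user in a short window (a page firing queries on the user's behalf, not a person typing), and searches for MFA codes or password reset material inside that burst.

```python
"""Toy detector for automated Copilot Enterprise Search bursts in audit records.

Assumed record schema (NOT Microsoft's real audit-log schema): each record is a
dict with keys time (ISO 8601, UTC), user, client (the surface that issued the
query) and query. All sample records below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed allowlist of surfaces from which interactive Copilot searches are expected.
KNOWN_CLIENTS = {"copilot-web", "copilot-teams", "copilot-outlook"}

# Search terms that, inside a burst, suggest harvesting of one-time codes or
# reset links rather than ordinary user activity (mirrors the article's scenario).
SENSITIVE_TERMS = ("verification code", "password reset", "one-time code", "mfa")

BURST_WINDOW = timedelta(seconds=60)  # queries closer together than this form one burst
BURST_THRESHOLD = 4                   # bursts with at least this many queries are alerted

# Constructed sample audit records (not real tenant data).
SAMPLE_RECORDS = [
    {"time": "2025-01-10T09:00:00Z", "user": "alice@example.com",
     "client": "copilot-web", "query": "q3 budget deck"},
    {"time": "2025-01-10T09:20:00Z", "user": "alice@example.com",
     "client": "copilot-web", "query": "team offsite agenda"},
    # Five queries in twelve seconds from an unrecognised client, three of them
    # for reset/MFA material: the pattern a page-driven search would leave.
    {"time": "2025-01-10T11:05:00Z", "user": "bob@example.com",
     "client": "unknown-web-embed", "query": "password reset"},
    {"time": "2025-01-10T11:05:03Z", "user": "bob@example.com",
     "client": "unknown-web-embed", "query": "verification code"},
    {"time": "2025-01-10T11:05:06Z", "user": "bob@example.com",
     "client": "unknown-web-embed", "query": "invoice"},
    {"time": "2025-01-10T11:05:09Z", "user": "bob@example.com",
     "client": "unknown-web-embed", "query": "calendar"},
    {"time": "2025-01-10T11:05:12Z", "user": "bob@example.com",
     "client": "unknown-web-embed", "query": "mfa"},
]


def parse_time(stamp):
    """Parse the assumed ISO 8601 UTC timestamp format."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def is_sensitive(query):
    """True if the query text contains any of the sensitive terms."""
    q = query.lower()
    return any(term in q for term in SENSITIVE_TERMS)


def detect(records):
    """Return alert dicts: one 'unknown_client' per record from an unlisted
    client, and one 'search_burst' per user burst of BURST_THRESHOLD+ queries
    inside BURST_WINDOW, listing the sensitive queries found in the burst."""
    alerts = []
    by_user = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec["client"] not in KNOWN_CLIENTS:
            alerts.append({"type": "unknown_client", "user": rec["user"],
                           "client": rec["client"], "time": rec["time"]})
        by_user[rec["user"]].append(rec)

    for user, recs in by_user.items():
        group = []
        # The trailing None is a sentinel that flushes the final group.
        for rec in recs + [None]:
            if rec is not None and (not group or
                    parse_time(rec["time"]) - parse_time(group[0]["time"]) <= BURST_WINDOW):
                group.append(rec)
                continue
            if len(group) >= BURST_THRESHOLD:
                alerts.append({
                    "type": "search_burst", "user": user, "count": len(group),
                    "first": group[0]["time"],
                    "sensitive_queries": [g["query"] for g in group if is_sensitive(g["query"])],
                })
            group = [rec] if rec is not None else []
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS):
        print(alert)
```

Run against the constructed records, the script reports one burst for `bob@example.com` (five queries, three of them for reset or MFA material) plus an `unknown_client` alert per query from the unlisted surface, and nothing for Alice's two ordinary searches twenty minutes apart. Thresholds are tenant-specific: tune `BURST_WINDOW` and `BURST_THRESHOLD` against a baseline of normal interactive use before alerting on them.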