Outlook Account Hijacked by Malicious OAuth Apps - Immediate Lock After Recovery

Abdullah Gawish 0 Reputation points
2025-11-21T19:17:45.45+00:00

My Outlook account has been persistently locked due to suspicious activity triggered by malicious OAuth apps: Thunderbird, Get Any Token, and BHMailer. These apps were granted access without my consent and continue to hijack the account even after password resets. Every time I unlock the account, it is immediately re‑locked by Microsoft’s automated systems.

This is not a case of forgotten credentials or account takeover. I have:

• Successfully changed my password.

• Access to my verified alternate recovery channels.

• Active login session on my Windows device using this Microsoft account.

• Documentation and screenshots proving ownership and login activity.

The issue lies in persistent OAuth token abuse. I am unable to revoke these apps manually because the account locks before I can access the account.live.com/consent portal. The phone verification screen fails with the error:

“This method isn’t working right now. Try another.” — but no alternative method is offered.

I have submitted multiple recovery attempts and referenced several case numbers, including:

• SIR21221637

• SIR21463485

• SIR21463496

• SIR21220660

• SIR21221551

Despite repeated contact with support, I’ve only received scripted responses and been told that escalation is not possible — even though this is clearly a security incident, not a routine account issue.

✅ I am requesting:

• A manual server‑side revocation of all OAuth tokens and app permissions.

• Immediate unlocking of my account based on verified session and linked recovery info.

• Acknowledgment of the verification bug preventing phone unlock.

• Escalation to Microsoft Security Response Center (MSRC) or Trust & Safety.

I have already submitted a vulnerability report via MSRC and am prepared to escalate externally (GDPR, telecom regulators, consumer protection platforms) if this is not resolved promptly.

Thank you for your time and attention.

— Concerned Microsoft Account Holder

Case Ref: SIR21221637

Outlook | Web | Outlook.com | Account management, security, and privacy

2 answers

  1. JANSHER LIWAG 8,840 Reputation points Independent Advisor
    2025-11-21T20:11:48.3133333+00:00

    Hi Abdullah,

    Thank you for posting; I am here to help. If you have attempted to recover your Microsoft account multiple times but were unsuccessful due to insufficient information, please get in touch with Microsoft Support for further assistance. Be sure to include the details of your recovery attempts, especially if your requests were denied despite providing accurate information.

    Click on this page Contact - Microsoft Support

    https://support.microsoft.com/en-us/home/contact

    Please follow the steps below to contact Microsoft Online Support.

    Go to the Microsoft Support page and search for “account locked.”

    Scroll down and click “Sign in to contact Support.”

    Sign in using a different personal Microsoft account.

    Under Products & Services, choose “Other Products.”

    Under Categories, select “Manage account security” and click Confirm.

    Click “Chat with a support agent in your web browser” to start a live chat.

    Source: https://learn.microsoft.com/answers/questions/4705510/how-can-i-access-my-account-when-it-says-i-havent?forum=outlook_com-all&referrer=answers

    I hope you find this information helpful. Please let us know if you have any further questions. If the answer is helpful, please click "Accept Answer".

    Best regards,

    Jansher


  2. Q&A Assist
    2025-11-21T19:18:21.41+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It seems you are experiencing a serious issue with your Outlook account being compromised by malicious OAuth applications. Here are some steps you can take to address the situation:

    1. Revoke OAuth Tokens: Since you mentioned that you cannot access the consent portal due to the account being locked, you may need to contact Microsoft Support directly to request a manual revocation of all OAuth tokens associated with your account. Provide them with your case numbers and explain the urgency of the situation.
    2. Account Recovery: Ensure that you have exhausted all recovery options available through Microsoft's account recovery process. If you are facing issues with phone verification, consider trying to recover your account using a different method, such as email verification, if available.
    3. Security Measures: After regaining access, immediately enable multifactor authentication (MFA) for your account to add an extra layer of security. This will help prevent unauthorized access in the future.
    4. Monitor Account Activity: Keep an eye on your account activity and any unusual behavior. If you notice any further suspicious activity, report it to Microsoft Support immediately.
    5. Documentation: Keep all documentation regarding your recovery attempts and any correspondence with Microsoft Support. This will be useful if you need to escalate the issue further.

    If these steps do not resolve the issue, you may need to escalate your case further within Microsoft Support or consider external avenues as you mentioned.
