Microsoft Teams security flaw lets hackers steal accounts – and no fix in sight

There is a security flaw in Microsoft Teams that allows threat actors to log into other people’s accounts, even if those accounts are secured with multi-factor authentication, researchers claim.

Cybersecurity analysts at Vectra say the Teams desktop application for Windows, Linux and Mac stores user authentication tokens in plaintext, without locks guarding access. Anyone with local access to a system with Teams installed can steal these tokens and use them to log into the accounts.