OAuth-Based Attack Exploits Legitimate ChatGPT App to Steal Email Data
Researchers at Red Canary have uncovered a surge in OAuth-based attacks targeting Microsoft Entra ID (formerly Azure AD), with threat actors abusing the legitimate ChatGPT application to gain unauthorized access to user email accounts. The attack exploits OAuth permissions, tricking employees into granting excessive access to sensitive data under the guise of a trusted service.
How the Attack Works
- Initial Consent – Attackers manipulate users into adding the ChatGPT service principal to their Entra ID tenant, prompting them to approve OAuth permissions such as Mail.Read (email access), offline_access (persistent access), and profile/openid (user identity data). The app appears legitimate, masking the attacker’s intent.
- Permission Exploitation – Once granted, the Mail.Read scope allows attackers to read and exfiltrate email data without further user interaction.
- Remote Access & Exfiltration – Logs reveal the attacker’s IP (e.g., 3.89.177.26, linked to AWS Virginia) accessing the system, followed by data extraction to attacker-controlled infrastructure.
Detection & Key Indicators
Red Canary’s investigation identified critical forensic details:
- App ID:
e0476654-c1d5-430b-ab80-70cbd947616a(legitimate OpenAI app, abused) - Permissions Granted:
Mail.Read,offline_access,profile,openid(enabling persistent email access) - Consent Type: User-level (
IsAdminConsent: False), making it vulnerable to phishing - Log Sources: AuditLogs and Consent to application events track permission grants, including timestamps and IP origins
Impact & Mitigation
The attack highlights the risks of third-party OAuth permissions, particularly when users unknowingly authorize excessive access. Organizations can reduce exposure by:
- Monitoring for suspicious service principal additions and OAuth consent events
- Enforcing stricter admin-level consent requirements to limit user-granted permissions
- Correlating telemetry data (e.g., unexpected access patterns, remote connections) to detect anomalies
This incident underscores the growing threat of OAuth abuse in enterprise environments, where legitimate applications can be weaponized to bypass security controls.
Source: https://cyberpress.org/chatgpt-powers-oauth-email-breach/
OpenAI TPRM report: https://www.rankiteo.com/company/openai
"id": "ope1772022670",
"linkid": "openai",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'type': 'Enterprise Organizations'}],
'attack_vector': 'Phishing (OAuth Consent Manipulation)',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, corporate communications)',
'type_of_data_compromised': 'Email data, user identity '
'information (profile/openid)'},
'description': 'Researchers at Red Canary uncovered a surge in OAuth-based '
'attacks targeting Microsoft Entra ID (formerly Azure AD), '
'with threat actors abusing the legitimate ChatGPT application '
'to gain unauthorized access to user email accounts. The '
'attack exploits OAuth permissions, tricking employees into '
'granting excessive access to sensitive data under the guise '
'of a trusted service.',
'impact': {'data_compromised': 'Email data',
'identity_theft_risk': 'High (PII exposure via emails)',
'operational_impact': 'Unauthorized access to sensitive '
'communications',
'systems_affected': 'Microsoft Entra ID (Azure AD) tenants'},
'initial_access_broker': {'entry_point': 'OAuth Consent Phishing (Legitimate '
'ChatGPT App)',
'high_value_targets': 'Email data, user identity '
'information'},
'investigation_status': 'Ongoing (Detection and Mitigation Guidance Provided)',
'lessons_learned': 'Risks of third-party OAuth permissions, need for stricter '
'consent controls, and monitoring of service principal '
'additions.',
'motivation': 'Data Exfiltration',
'post_incident_analysis': {'corrective_actions': 'Revoking unauthorized '
'permissions, enforcing '
'stricter consent policies, '
'and enhancing monitoring '
'for OAuth-related events',
'root_causes': 'Exploitation of user-granted OAuth '
'permissions (Mail.Read, '
'offline_access) via a legitimate '
'but abused application (ChatGPT '
'service principal)'},
'recommendations': ['Monitor for suspicious OAuth consent events and service '
'principal additions',
'Enforce admin-level consent requirements to limit '
'user-granted permissions',
'Correlate telemetry data to detect anomalies (e.g., '
'unexpected access patterns, remote connections)'],
'references': [{'source': 'Red Canary'}],
'response': {'containment_measures': 'Monitoring for suspicious service '
'principal additions and OAuth consent '
'events',
'enhanced_monitoring': 'Correlating telemetry data (e.g., '
'unexpected access patterns, remote '
'connections)',
'remediation_measures': 'Enforcing stricter admin-level consent '
'requirements, revoking unauthorized '
'permissions',
'third_party_assistance': 'Red Canary (Threat Research)'},
'title': 'OAuth-Based Attack Exploits Legitimate ChatGPT App to Steal Email '
'Data',
'type': 'OAuth Abuse',
'vulnerability_exploited': 'Excessive OAuth permissions (Mail.Read, '
'offline_access, profile/openid)'}