Microsoft security is under fire after new research, published here for the first time, exposes the serious risk of account hijack from compromised subdomains. Put simply, users visiting a genuine Microsoft web domain might actually be on a subdomain controlled by an attacker. Any information those users then share will be at risk—including usernames and passwords. Users are advised to take care the links they click, but if subdomains appear genuine, they will likely be tricked.