Microsoft in January patched a severe Office 365 vulnerability that exposed accounts whose domains were configured as federated.
Source: Threadpost