Microsoft says the malicious OAuth apps were used to steal customers ... they should conduct a thorough internal investigation to verify that the suspicious applications have been disabled ...