A newly discovered “potentially dangerous” functionality in Office 365 could allow threat actors to encrypt files hosted in the cloud and render them unrecoverable without a dedicated backup solution or decryption key.

Cybersecurity researchers at Proofpoint claim that the “AutoSave” feature, which automatically saves documents being worked on in the cloud, could be abused by the flaw.