Since early December 2025, thousands of OneDrive users across Windows, Android, and macOS have been hit by a wave of spam. Affected users report that AI-driven bot accounts are flooding their "Shared with me" folders with links to suspicious shared directories.
Frustration is mounting on Microsoft’s official forums and platforms like Reddit. One user posted on the Microsoft community boards, asking: "Strangers are sharing links to my OneDrive—how do I stop this? Is this a virus or malware?"
Victims have discovered that because OneDrive lacks a feature to block shares from unknown users, there is no way to stop these requests at the source. Even when users manually select "Remove from shared list" or "Report as spam," the files often reappear after a page refresh. Reddit user sdegonge noted that even after deleting the associated notification emails, files with names like "GET_BOX" persistently remain in their shared directory.
Microsoft Acknowledges Slow Progress on Fixes
Microsoft officially acknowledged the issue early this year, classifying it as a technical vulnerability. The company confirmed that affected users are unable to hide, remove, or stop receiving these malicious shares, nor can they clear them via the reporting mechanism. At the time, the company stated it was developing a patch and expected to resolve the issue by the end of January 2026.
However, three months past the projected deadline, Microsoft’s official support page remains stagnant, suggesting the vulnerability continues to impact users globally. While there have been no reports of widespread malware infections, the relentless stream of spam has severely disrupted the user experience.
Microsoft has yet to comment on the delay or the scale of the impact. For users desperate to clean up their accounts, there is currently no official workaround other than repeatedly attempting to hide the files.