81 million login attempts hit Microsoft 365 accounts as hackers attempt password spraying to force access using stolen credentials and OAuth to bypass authentication


  • A password spray attack successfully breached Microsoft 365 accounts
  • The hackers abused improperly configured Conditional Access policies to bypass MFA
  • Many targeted organizations had no MFA implemented

Hackers have used previously leaked credentials to target Microsoft 365 accounts in a password-spray attack that resulted in over 81 million login attempts over a two-week period.

The attackers then abused improperly implemented Conditional Access policies through the Resource Owner Password Credentials (ROPC) OAuth flow, driven from the Azure Command Line Interface (CLI), which allowed them to completely bypass authentication once a matching username and password was discovered.
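As an added detection example (not from the article or any vendor tooling), the script below runs over constructed Entra ID sign-in records and flags the two stages described above: a source IP whose invalid-credential failures span many distinct accounts (spray), followed by a success from that same source that completed with a single factor and with no Conditional Access policy applied. Field names are assumed to follow the Microsoft Graph signIn schema; the records, IPs and threshold are constructed for illustration.

```python
import json
from collections import defaultdict

INVALID_CREDENTIALS = 50126  # Entra ID sign-in error code: wrong username or password

# Constructed sample log (JSON lines). Field names are assumed to follow the
# Microsoft Graph signIn schema; values are illustrative, not real tenant data.
SAMPLE_LOG = """\
{"userPrincipalName":"alice@example.com","ipAddress":"203.0.113.9","appDisplayName":"Microsoft Azure CLI","status":{"errorCode":50126},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"userPrincipalName":"bob@example.com","ipAddress":"203.0.113.9","appDisplayName":"Microsoft Azure CLI","status":{"errorCode":50126},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"userPrincipalName":"carol@example.com","ipAddress":"203.0.113.9","appDisplayName":"Microsoft Azure CLI","status":{"errorCode":50126},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"userPrincipalName":"dave@example.com","ipAddress":"203.0.113.9","appDisplayName":"Microsoft Azure CLI","status":{"errorCode":0},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"userPrincipalName":"bob@example.com","ipAddress":"198.51.100.20","appDisplayName":"Azure Portal","status":{"errorCode":50126},"authenticationRequirement":"multiFactorAuthentication","conditionalAccessStatus":"success"}
{"userPrincipalName":"bob@example.com","ipAddress":"198.51.100.20","appDisplayName":"Azure Portal","status":{"errorCode":0},"authenticationRequirement":"multiFactorAuthentication","conditionalAccessStatus":"success"}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def spray_sources(events, min_users=3):
    """Return {ip: sorted distinct users} for IPs whose invalid-credential
    failures span at least min_users accounts. A spray tries few passwords
    against many users, so breadth across accounts is the signal, not
    repeated failures on one account. min_users=3 is illustrative only."""
    failed = defaultdict(set)
    for e in events:
        if e["status"]["errorCode"] == INVALID_CREDENTIALS:
            failed[e["ipAddress"]].add(e["userPrincipalName"])
    return {ip: sorted(u) for ip, u in failed.items() if len(u) >= min_users}


def unprotected_successes(events, spray_ips):
    """Successful sign-ins from a spray source that completed with a single
    factor and where no Conditional Access policy was enforced: the gap a
    ROPC client can exploit when policies are misconfigured or absent.
    Returns (user, ip, app) tuples."""
    hits = []
    for e in events:
        if (e["ipAddress"] in spray_ips and e["status"]["errorCode"] == 0
                and e["authenticationRequirement"] == "singleFactorAuthentication"
                and e["conditionalAccessStatus"] != "success"):
            hits.append((e["userPrincipalName"], e["ipAddress"], e["appDisplayName"]))
    return hits


if __name__ == "__main__":
    evts = parse_signins(SAMPLE_LOG)
    for user, ip, app in unprotected_successes(evts, spray_sources(evts)):
        print(f"ALERT single-factor success after spray: {user} from {ip} via {app}")
```

The benign source 198.51.100.20 is not flagged: its single failure does not meet the breadth threshold and its success satisfied MFA under an applied policy.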
