81 million login attempts affected Microsoft 365 accounts as hackers attempted to spray passwords to force entry using stolen credentials and OAuth to bypass authentication.



  • Password spraying attack successfully breached Microsoft 365 accounts
  • Hackers abused incorrectly configured conditional access policies to bypass MFA
  • Many target organizations had not implemented AMF

Hackers used previously leaked credentials to attack Microsoft 365 accounts in a password spraying attack that resulted in more than 81 million login attempts over a two-week period.

Attackers then abused incorrectly implemented conditional access policies within the Resource Owner Password Credentials (ROPC) OAuth mechanism using the Azure Command Line Interface (CLI), allowing hackers to bypass authentication entirely when a matching username and password were discovered.

Leave a Comment

Your email address will not be published. Required fields are marked *