81 million login attempts have hit Microsoft 365 accounts in a password-spraying campaign that uses stolen credentials to force entry and OAuth to bypass authentication.


  • Password spray attack successfully breached Microsoft 365 accounts.
  • Hackers have abused misconfigured conditional access policies to bypass MFA.
  • Many targeted organizations had not implemented MFA.

Hackers used previously leaked credentials to target Microsoft 365 accounts in a password spraying attack that resulted in more than 81 million login attempts over a two-week period.

The attackers then abused poorly implemented conditional access policies around the Resource Owner Password Credentials (ROPC) OAuth mechanism, using the Azure command line interface (CLI), which allowed them to completely bypass authentication when a matching username and password were discovered.
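As an added example (not from the original article), the following Python sketch shows how a defender could look for this pattern in exported sign-in records: ROPC sign-ins through the Azure CLI client from one source address against many accounts. The record keys, the threshold and the sample data are assumptions constructed for illustration; the Azure CLI client ID and error code 50126 should be confirmed against your own tenant's logs.

```python
from collections import defaultdict

# Public client ID of the Microsoft Azure CLI app; confirm it against your own tenant's logs.
AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"

def _rec(user, ip, protocol, error_code, app_id=AZURE_CLI_APP_ID):
    # Constructed record; keys are simplified stand-ins for sign-in log fields (assumption).
    return {"userPrincipalName": user, "ipAddress": ip, "appId": app_id,
            "authenticationProtocol": protocol, "errorCode": error_code}

# Constructed sample data. 50126 = invalid username or password, 0 = success.
SAMPLE_SIGNINS = [
    _rec("alice@example.com", "203.0.113.10", "ropc", 50126),
    _rec("bob@example.com", "203.0.113.10", "ropc", 50126),
    _rec("carol@example.com", "203.0.113.10", "ropc", 0),
    _rec("dave@example.com", "203.0.113.10", "ropc", 50126),
    _rec("frank@example.com", "203.0.113.10", "none", 50126),  # not ROPC: ignored
    _rec("erin@example.com", "198.51.100.7", "ropc", 0),       # one account: below threshold
]

def find_ropc_spray(signins, min_users=3, app_id=AZURE_CLI_APP_ID):
    """Flag source IPs whose ROPC sign-ins via the given client touch many distinct accounts."""
    by_ip = defaultdict(lambda: {"users": set(), "failures": 0, "successes": set()})
    for rec in signins:
        if rec.get("authenticationProtocol") != "ropc" or rec.get("appId") != app_id:
            continue
        entry = by_ip[rec["ipAddress"]]
        user = rec["userPrincipalName"].lower()
        entry["users"].add(user)
        if rec["errorCode"] == 0:
            entry["successes"].add(user)  # password accepted with a single factor
        else:
            entry["failures"] += 1
    findings = {}
    for ip, entry in by_ip.items():
        # Many accounts plus at least one failure from one address is the spray signature.
        if len(entry["users"]) >= min_users and entry["failures"] > 0:
            findings[ip] = {
                "targeted_users": len(entry["users"]),
                "failures": entry["failures"],
                "compromised_candidates": sorted(entry["successes"]),
            }
    return findings

if __name__ == "__main__":
    for ip, detail in find_ropc_spray(SAMPLE_SIGNINS).items():
        print(ip, detail)
```

Accounts listed under `compromised_candidates` are the ones to prioritise for password reset and session revocation, since the sign-in succeeded without a second factor.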
