Security · 1h ago
81M password-spraying attacks target Microsoft 365 via OAuth abuse
Hackers launched 81 million password-spraying attempts against Microsoft 365 accounts, exploiting stolen credentials and OAuth apps to bypass multi-factor authentication. The attacks abused misconfigured conditional access policies, allowing unauthorized access despite MFA protections. Microsoft has not disclosed how many accounts were compromised.
Meridian48 take
The scale underscores how OAuth trust can undermine MFA, but the real story is whether Microsoft's defaults are leaving customers exposed.
Read the full reporting
81 million login attempts hit Microsoft 365 accounts as hackers try password-spraying to force entry using stolen credentials and OAuth to bypass authentication
TechRadar
microsoft-365 password-spraying