In a nutshell: 81 million failed login attempts indicate a coordinated brute-force campaign against Microsoft 365, and some of the attacks succeeded.
Security researchers have documented a large-scale attack wave on Microsoft 365 accounts in which attackers systematically try out login credentials and partially succeed in gaining access.
Security researchers have identified a coordinated attack wave on Microsoft 365 accounts in which 81 million login attempts were registered within a time period. The attackers rely on brute-force methods, i.e., systematically trying usernames and passwords.
According to the researchers, while the vast majority of these login attempts were unsuccessful, attackers succeeded in gaining actual account access in an unspecified number of cases. This suggests that some of the credentials used stem from previous data breaches or target weak passwords.
For CISOs, this has several implications: First, the volume of attempts demonstrates the scalability of automated attack tools, which operate unimpeded where countermeasures are absent. Second, each successful intrusion indicates insufficient authentication: either multi-factor authentication (MFA) is missing or improperly configured, or the password was weak. The continuous activity underscores the necessity of rate limiting, anomaly detection, and enforced MFA for all users.
Organizations should verify that MFA is comprehensively enabled on their Microsoft 365 instances, analyze suspicious login attempts from security logs, and respond promptly to potentially compromised accounts if necessary. Strong authentication is essential, especially for administrative accounts.
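One way to carry out the log analysis recommended above, as an added example that is not part of the original report: it flags source IPs that fail against several distinct accounts within a sliding window, then lists any successful sign-in arriving from such an IP while the window is open. The record layout, thresholds and sample rows are assumptions constructed for illustration, not an actual Microsoft 365 export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in records (timestamp, account, source IP, outcome); not real data.
SAMPLE = [
    ("2026-07-01T10:00:00", "alice@example.com", "203.0.113.5", "fail"),
    ("2026-07-01T10:01:00", "bob@example.com", "203.0.113.5", "fail"),
    ("2026-07-01T10:02:00", "carol@example.com", "203.0.113.5", "fail"),
    ("2026-07-01T10:03:00", "dave@example.com", "203.0.113.5", "success"),
    # A user mistyping a password: failures, but against one account only.
    ("2026-07-01T10:04:00", "frank@example.com", "198.51.100.7", "fail"),
    ("2026-07-01T10:04:30", "frank@example.com", "198.51.100.7", "fail"),
    ("2026-07-01T10:05:00", "frank@example.com", "198.51.100.7", "success"),
    # Same IP as the burst, but hours later, after the window has expired.
    ("2026-07-01T13:00:00", "erin@example.com", "203.0.113.5", "success"),
]

def triage(rows, window=timedelta(minutes=30), min_accounts=3):
    """Return (spraying_ips, suspect_logins).

    spraying_ips: IPs that failed against >= min_accounts distinct accounts
    inside one sliding window. suspect_logins: (account, ip) pairs where a
    success arrived from such an IP while that window was still open.
    """
    failures = defaultdict(deque)  # ip -> recent (time, account) failures
    spraying, suspects = set(), []
    events = sorted((datetime.fromisoformat(t), a, ip, o) for t, a, ip, o in rows)
    for ts, account, ip, outcome in events:
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:  # expire old failures
            recent.popleft()
        if outcome == "fail":
            recent.append((ts, account))
        targeted = {a for _, a in recent}
        if len(targeted) >= min_accounts:
            spraying.add(ip)
            if outcome == "success":
                suspects.append((account, ip))
    return sorted(spraying), suspects

if __name__ == "__main__":
    ips, suspects = triage(SAMPLE)
    print("spraying sources:", ips)
    print("accounts to investigate:", suspects)
```

Accounts returned in the second list are candidates for session revocation, password reset and an MFA check; the thresholds need tuning against shared egress addresses such as office NAT gateways.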
Source: www.golem.de · Published 2 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.2.