Key takeaway: 81 million password-spray attempts against Microsoft 365 over two weeks demonstrate that MFA enforcement and real-time anomaly detection are critical CISO controls against credential attacks.
A large-scale password-spray campaign targeted Microsoft 365 environments over a two-week period with a total of 81 million login attempts. The scale of the attack illustrates the widespread impact of automated credential attacks against cloud-based identity systems.
Password spraying systematically tries common or weak passwords against many accounts, aiming to evade users who have MFA protection enabled.
For a CISO, the attack is relevant because it highlights the gap between the proliferation of cloud identity systems and the reality of inadequately protected user authentication. 81 million attempts over two weeks point to automated infrastructure that targets multiple victims in parallel and is difficult to block if defensive measures do not act proactively.
Remediation measures address multiple layers: enforcement of MFA for all users (even if weak passwords exist), brute-force protection at the tenant level, monitoring alerts for unusual login patterns, and regular audits of credential-bearing accounts. In parallel, password policies should prevent reuse across multiple accounts and quickly identify compromised credentials from public leaks.
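As an illustration of the "unusual login patterns" monitoring mentioned above, here is an added example (not taken from the source article or from any Microsoft tooling) that flags spray-shaped failures in sign-in events. The event tuple layout, the thresholds and all sample data are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, user, result).
# IPs come from documentation ranges; accounts are made up.
T0 = datetime(2026, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    # Spray shape: one source, 12 accounts, a single failure each.
    [(T0 + timedelta(seconds=20 * i), "203.0.113.10", f"user{i:02d}@example.com", "failure")
     for i in range(12)]
    # Single-account guessing: one source, one account, 15 failures.
    + [(T0 + timedelta(seconds=5 * i), "198.51.100.7", "admin@example.com", "failure")
       for i in range(15)]
    + [
        # One sprayed password eventually works for an account.
        (T0 + timedelta(minutes=10), "203.0.113.10", "user05@example.com", "success"),
        # Ordinary user: one typo, then a normal sign-in.
        (T0, "192.0.2.44", "alice@example.com", "failure"),
        (T0 + timedelta(seconds=30), "192.0.2.44", "alice@example.com", "success"),
    ]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=10, max_per_account=3):
    """Return {source_ip: distinct accounts} for sources whose failures inside a
    sliding window touch many accounts with only a few tries per account."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "failure":
            fails_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures older than the window
            counts = defaultdict(int)
            for _, user in fails[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip] = max(flagged.get(ip, 0), len(counts))
    return flagged

def spray_hits(events, flagged):
    """Accounts with a successful sign-in from a flagged source: review these first."""
    return sorted({user for _, ip, user, result in events
                   if result == "success" and ip in flagged})
```

The per-account cap is what separates spraying from single-account guessing, which lockout thresholds already catch; a campaign spread across many source addresses would need the same grouping applied per password-failure burst or per user agent rather than per IP.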
Source: www.bleepingcomputer.com · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.