Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts

A recent campaign exploited a vulnerability in Microsoft Entra ID’s legacy authentication protocols, allowing attackers to bypass MFA and gain unauthorized access to cloud accounts. The attacks, which targeted various sectors, utilized Basic Authentication Version 2 to gain access to administrator accounts. Organizations are urged to audit and disable legacy authentication, enforce modern authentication with MFA, and closely monitor for unusual login activity.