Credential security crisis: multiple massive breaches (24B record leak, Fortinet heist, KDDI, LastPass, Azure MFA bypass)
Key Questions
What major credential leaks have occurred recently?
A massive 24B-record credential leak from infostealer logs tied to Darkside was reported, alongside a Fortinet firewall credential heist that compromised 75,000 devices and a KDDI breach that exposed 14.2M email passwords.
How did the Azure MFA bypass attack work?
Attackers used the deprecated OAuth Resource Owner Password Credentials (ROPC) flow in a password-spraying campaign with 81M login attempts, compromising 78 accounts. This bypassed MFA protections in Azure environments.
What actions has Europol taken against infostealers?
Europol's Operation Endgame seized 27M credentials from infostealers using AI-assisted analysis. The operation highlights international efforts to disrupt credential theft networks.
Massive 24B-record credential leak from infostealer logs (Darkside ties). Fortinet firewall credential heist compromises 75,000 devices across 194 countries. LastPass third-party breach exposes customer contact info. KDDI breach exposes 14.2M email passwords via third-party software vulnerability. Europol's Operation Endgame seizes 27M credentials from infostealers using AI-assisted analysis. New: Azure password-spraying attack bypasses MFA using deprecated OAuth ROPC flow—81M login attempts, 78 accounts compromised. These incidents underscore the urgent need for credential hygiene, MFA, and supply chain security.
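Detection logic for the ROPC password-spraying pattern described above, added here as an example and not taken from any vendor or from the reported campaign: it flags source IPs that attempt ROPC sign-ins against many distinct accounts within a short window and lists the accounts where a password-only sign-in succeeded. The record fields, thresholds, addresses and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _rec(ts, ip, user, protocol, ok):
    # Simplified sign-in record; the field names are assumptions, not a vendor schema.
    return {"time": datetime.fromisoformat(ts), "ip": ip, "user": user,
            "protocol": protocol, "success": ok}

# Constructed sample: one spraying source, one legacy app on ROPC, one office NAT.
SAMPLE = (
    [_rec(f"2025-01-01T03:0{i}:00", "203.0.113.7", f"user{i}@example.com",
          "ropc", i == 4) for i in range(6)]
    + [_rec(f"2025-01-01T03:1{i}:00", "198.51.100.20", "legacy-app@example.com",
            "ropc", True) for i in range(3)]
    + [_rec(f"2025-01-01T09:0{i}:00", "192.0.2.50", f"staff{i}@example.com",
            "oauth2", True) for i in range(6)]
)

def find_ropc_spray(records, window=timedelta(minutes=10), min_users=5):
    """Return {ip: summary} for IPs that hit >= min_users accounts via ROPC
    inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for r in records:
        if r["protocol"] == "ropc":  # only the password-only legacy flow
            by_ip[r["ip"]].append(r)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["time"])
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end]["time"] - events[start]["time"] > window:
                start += 1
            best = max(best, len({e["user"] for e in events[start:end + 1]}))
        if best >= min_users:
            findings[ip] = {
                "distinct_users": best,
                "failures": sum(not e["success"] for e in events),
                # A success here means a password alone was enough: reset and review.
                "succeeded": sorted({e["user"] for e in events if e["success"]}),
            }
    return findings

if __name__ == "__main__":
    for ip, summary in find_ropc_spray(SAMPLE).items():
        print(ip, summary)
```

Counting distinct accounts per source, not failures per account, is what separates spraying from a single user mistyping a password; a distributed campaign would need the same grouping applied to other keys such as user agent or ASN.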