"Microsoft: 99.9% of Compromised Accounts did not use Multi-Factor Authentication"

Microsoft tracks over 30 billion login events per day and over one billion monthly active users.  Of all the accounts, about 0.5 percent of them become compromised each month.  In January 2020 1.2 million Microsoft accounts were compromised.  Password spraying and password replay attacks are the techniques used by most adversaries to compromise Microsoft accounts.  99 percent of the password spraying attacks and 97 percent of the password replay attacks are carried out through legacy authentication protocols.  If an individual disables legacy authentication protocols, then researchers saw a 67 percent reduction in account compromises.  Users and companies with a Microsoft account should enable multi-factor authentication because it blocks 99.9 percent of all account hacks.

ZDNet reports: "Microsoft: 99.9% of Compromised Accounts did not use Multi-Factor Authentication"