VYPR trend · Published May 26, 2026 · 1 source

MFA Prompt Bombing: Why Push Notifications Are the Weak Link in Identity Security

Attackers are bypassing push-based MFA by flooding users with authentication requests until they accept, exploiting fatigue and social engineering rather than technical flaws.

Multi-factor authentication (MFA) was designed to close the gap left by passwords alone. The logic was simple: even if credentials are stolen, the second factor blocks access. But attackers have adapted. Instead of stealing the second factor, they now trick users into handing it over through a technique known as MFA prompt bombing — and the attack is proving devastatingly effective against organizations of all sizes.

The technique relies on three ingredients: valid credentials (often from credential-stuffing lists), a login portal that uses push-based MFA, and a target whose device receives each authentication request. Attackers repeatedly trigger push notifications to the victim's device, hoping the user will approve out of annoyance or confusion. Sometimes the attack is paired with a vishing call in which the attacker impersonates IT support and pressures the user to accept a prompt. It only needs to work once.

Once approved, the attacker gains immediate access, and security systems typically log the action as legitimate. The 2022 Cisco breach is a textbook case. An attacker tied to the Yanluowang ransomware group compromised a Cisco employee's personal Google account, which was syncing browser-stored credentials, including the VPN password. The attacker then bombarded the employee with MFA prompts and, after initial failures, used vishing calls posing as trusted support. Eventually the employee approved a push notification, giving the attacker VPN access. The adversary enrolled their own MFA devices for persistence, escalated privileges, reached Citrix servers and domain controllers, and exfiltrated 2.8 GB of data.

The underlying problem is that push-based MFA gives users almost no context. The prompt typically asks only for an approve or deny action, with no indication of the originating device, location, or IP address. When prompts arrive repeatedly, users often assume a glitch rather than an attack. Paired with a convincing vishing call, even security-aware employees can be fooled.

Mitigation starts with moving away from push-only MFA. Phishing-resistant factors such as FIDO2 security keys, hardware tokens like YubiKey, and number-matching codes from authenticator apps are significantly harder to abuse. Conditional access policies that factor in geography, device posture, and login times can block or step up authentication before a prompt is ever sent. Continuous scanning of Active Directory against databases of breached passwords removes the fuel for the attack — if the attacker never gets a valid password, prompt bombing is impossible.
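As an added illustration, not from the article or any vendor product, the following detection logic runs over constructed push-MFA audit lines and flags the two signals described above: a burst of prompts to one user within a short window, and an approval that follows a run of denials or timeouts (the fatigue pattern that logs as a "legitimate" login). The log format, field names, window and thresholds are assumptions.

```python
"""Flag MFA push-fatigue patterns in push-MFA audit logs (illustrative, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (hypothetical format): timestamp user source_ip result
SAMPLE_LOG = """\
2026-05-20T02:14:05Z alice 203.0.113.7 denied
2026-05-20T02:14:40Z alice 203.0.113.7 timeout
2026-05-20T02:15:12Z alice 203.0.113.7 denied
2026-05-20T02:15:50Z alice 203.0.113.7 timeout
2026-05-20T02:16:33Z alice 203.0.113.7 denied
2026-05-20T02:18:04Z alice 203.0.113.7 approved
2026-05-20T09:01:10Z bob 198.51.100.9 approved
2026-05-20T09:45:02Z bob 198.51.100.9 timeout
2026-05-20T10:12:44Z bob 198.51.100.9 approved
"""

def parse_log(text):
    """Parse audit lines into sorted (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ip, result))
    return sorted(events)

def detect_prompt_bombing(events, window=timedelta(minutes=10), threshold=4):
    """Return one alert per user who received >= threshold prompts inside `window`,
    or who approved a prompt after at least three denials/timeouts in that window."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    alerts = []
    for user, evs in by_user.items():
        start, peak, approved_after = 0, 0, None
        for i, (ts, _, _ip, result) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            recent = evs[start:i + 1]
            peak = max(peak, len(recent))
            failures = sum(1 for e in recent[:-1] if e[3] != "approved")
            if result == "approved" and failures >= 3 and approved_after is None:
                approved_after = ts  # fatigue succeeded: approval after a run of failures
        if peak >= threshold or approved_after is not None:
            alerts.append({"user": user, "peak_prompts": peak,
                           "approved_after_failures": approved_after is not None,
                           "source_ips": sorted({e[2] for e in evs})})
    return alerts
```

An approval with `approved_after_failures` set is the case worth treating as a probable compromise rather than a resolved glitch, since the page notes the session itself will look legitimate.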

MFA prompt bombing is not a reason to abandon MFA, but it exposes where some factors fall short. Organizations relying on push notifications as their default second factor should urgently reassess. Specops Secure Access, mentioned in the article, supports fatigue-resistant options for Windows logon, RDP, and VPN connections, offering a path away from push-only MFA for high-risk access points.

The broader lesson is that authentication security must consider human behavior. Attackers increasingly target people rather than systems, and technology alone cannot prevent a user from approving a prompt under pressure. Layered defenses — phishing-resistant MFA, compromised-password scanning, and strong conditional access — together reduce the attack surface MFA prompt bombing exploits.

As push-based MFA remains widespread across VPNs, Microsoft 365, Okta, and Duo deployments, prompt bombing will continue to be a live threat. Organizations should treat it not as a theoretical risk but as a known, active technique with proven real-world impact, including against security vendors themselves.

Synthesized by Vypr AI