You Turned MFA On. Attackers Already Have Three Ways Around It.
Thought Leadership Credential Risk May 2026 · 8 min read In Q3 2025, 32% of organizations hit by ransomware had MFA deployed — and 41% of those were breached anyway via MFA bypass. MFA is necessary. It's no longer sufficient. Here are the three routes attackers are using to get around it, and what actually stops them. On the night of September 15, 2022, an Uber contractor started receiving push notifications on their phone. A second-factor authentication request — the kind their MFA setup had been sending them for years. They declined it. Another one appeared. They declined again. For over an hour, notifications arrived every few minutes. Exhausted, assuming it was a system glitch, they finally tapped Approve. Within minutes, the attacker had access to Uber's internal systems, Slack, and source code repositories. The MFA worked exactly as designed. The human didn't. This is the story most businesses don...