Midnight Buzzing: Understanding and Stopping MFA-Fatigue Attacks

How it Works (The Threat)

Imagine your phone keeps lighting up at midnight with endless login approvals you never asked for. This is not a glitch; it is an active attack in progress.

In an MFA-fatigue attack, the hacker already has your password, but they cannot pass the second step of authentication. To bypass this, they flood your device with approval prompts, hoping you will eventually tap "allow" just to make the endless buzzing stop. Attackers may even send fake messages pretending to be your IT department, urging you to verify your account by approving the prompt.

The danger is immense: just one tired tap lets the attacker into your account. Once inside, they can quietly register their own device, meaning they may never need to ask you for access again. This is exactly what happened in a major 2022 breach at Uber. A hacker spammed an Uber contractor with endless prompts and sent a fake "IT" message on WhatsApp; when the worn-down worker finally tapped "Approve" once, Uber's systems were opened.

How to Protect Yourself

You can stop an MFA-fatigue attack in its tracks by following these security guidelines:

• Never approve a login prompt that you did not start yourself.
• Use number-matching or a passkey instead of relying on simple one-tap approvals.
• If the continuous prompts will not stop, you must change your password immediately, because it means your current password is already known to the attackers.
• Check whether your details have already been exposed and lock down your accounts at clearex.market.