>Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold

If people at Microsoft reuse passwords than what we can expect from casual PC users?!