None of the accounts broken into had MFA enabled, which could have stopped the attack from progressing so fast.
