[ skip to content ]

DUO Prompt-Bombing Attack

Recently at ODU, we have seen attackers use phishing attacks to gain credentials, then attempt to login multiple times to have users inadvertently allow the DUO prompt for 2-factor authentication.  This gives the attacker access to the account for a period.


Cyber criminals this technique to bypass multi-factor authentication (MFA), and it has been used in well-known compromises, such as the SolarWinds attack. Known as “prompt-bombing”, the technique involves inundating users with authentication requests via mobile phones.


An alternate approach is to send a few login requests that are spread out in hopes you won’t notice that your credentials are compromised, and thereby approve the DUO prompt without question.

No legitimate business would communicate to customers in a manner that comes close to “prompt-bombing.”


If you get a DUO prompt at a time when you are not actively authenticating to an ODU service, select “No” to the prompt, and change your MIDAS password promptly.


If you accidentally select “Yes” to a prompt that you did not initiate by attempting to login to an ODU service, report the incident immediately via ITSHelp@odu.edu , and change your MIDAS password promptly.


For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing.  Thank you for your diligence in maintaining a secure ODU computing environment!


J. Douglas Streit, CISSP

Executive Director & CISO

IT Security & Planning

Information Technology Services

Old Dominion University



Posted By: John Streit
Date: Sun Apr 10 08:04:42 EDT 2022

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.