In just one week back in February this year, Akamai's security products picked up automated attacks that employed over one million different IPs to test login credentials and hijack user accounts.
Akamai says the crooks used 1,127,818 different IPs to launch 744,361,093 login attempts using 220,758,340 distinct email addresses.
Attackers targeted multiple services, but a vast majority of the login attempts were aimed at two companies, one in the financial sector, and one in media & entertainment.
The automated attack against the financial target accounted for over 90 percent of the total attack volume.
Akamai says crooks used 993,547 distinct IPs to check 427,444,261 accounts. The security and networking giant was alerted to the presence of this campaign because 22,555 IPs had been previously blacklisted by their WAF (Web Application Firewall).
The campaign against the financial institution started strong, with the attackers checking over 248,000 IPs on the first day, and ended even stronger with the attackers testing over 526,000 IPs on the seventh day, which accounted for more than half of the total IPs used in the attack.