MFA bombing, also known as MFA fatigue attack, is a cyberattack method where attackers repeatedly send multi-factor authentication (MFA) approval requests to a user's device. The goal is to overwhelm or annoy the user into approving a fraudulent login attempt, granting the attacker unauthorized access. This tactic exploits human error and fatigue rather than technical vulnerabilities, making it a growing concern as organizations increasingly rely on MFA for security.