There had been hundreds or even thousands of failed login records found in very short period of time.
Worse yet, the usernames used in the failed logins are mostly, if not all, registered usernames.
More stringent rules were then applied to limit the attempts to login,
such as login lock out feature, change of login page, limit access of REST APIs, etc.
The “Failed Login Record” is now dropped to practically zero.