Okta's stock closes down 11.57% after the cybersecurity company said a hacker accessed its support system using a stolen credential and viewed client files
- Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
CNBC Rohan Goswami
Related Coverage
- Tracking Unauthorized Access to Okta's Support System Okta
- BeyondTrust Discovers Breach of Okta Support Unit BeyondTrust · Marc Maiffret
- Hackers Stole Access Tokens from Okta's Support Unit Krebs on Security · Brian Krebs
- How Cloudflare mitigated yet another Okta compromise The Cloudflare Blog · Sourov Zaman
- Okta says hackers stole customer access tokens from support unit TechCrunch · Zack Whittaker
- Okta says hackers breached its support system and viewed customer files Ars Technica · Dan Goodin
- Okta Support System Hacked, Sensitive Customer Data Stolen SecurityWeek · Ryan Naraine
- More Okta Customers Hacked Dark Reading
- Okta's Support System Breach Exposes Customer Data to Unidentified Threat Actors The Hacker News
- Okta attacked again, this time hitting its support system Cybersecurity Dive
- Okta Support Unit Breached Via Credential Stolen by Hackers PaymentSecurity.io · Michael Novinson
- Data breach prevention: Strategies for businesses using Mac systems MacSecurity.net · David Balaban
- Okta Stock Falls On New Hacker Security Breach Investor's Business Daily · Reinhardt Krause
- Okta Says Hackers Accessed Customer Files, Stock Falls 11% The Information · Aaron Holmes
- Okta Didn't Acknowledge Breach For More Than Two Weeks, Customer Says CRN · Kyle Alspach
- Okta Customer Support System Hacked PCMag · Michael Kan
- Software Firm Okta Falls on News That Hackers Viewed Some Customer Files Bloomberg · Katrina Manson
- Okta confirms security breach of customer support system San Francisco Business Journal · Todd Johnson
- Software firm Okta's shares slump on cyber breach Reuters · Yuvraj Malik
- Okta says hackers gained “unauthorized access” to its support system.The identity and access management company says a hacker viewed files uploaded … The Verge · Emma Roth
- Okta Shares Drop After Hacker Gains Access to Support System Barron's Online · Tae Kim
- Behind the Breach: Cross-tenant Impersonation in Okta Security Boulevard · Emile Antone
- Identity & Access Management GovInfoSecurity · Michael Novinson
- Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta's support platform for at least two weeks before the company fully contained the intrusion. https://krebsonsecurity.com/ ... @jbhall56@infosec.exchange · Jeff Hall
- For being the IDP that powers most of large companies in the U.S. outside of legacy A.D. Okta has doesn't set up their customers for success. Exhibit <some-high-number>: — BeyondTrust had a breach ( https://www.beyondtrust.com/ ... in one of their Okta tenants admins which came from Okta's support systems being compromised … @shellcromancer@infosec.exchange
- Another day another reminder that auth tokens should be bound to the browser (and ideally to the hardware): https://sec.okta.com/... @mjg59@nondeterministic.computer · Matthew Garrett
- “Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials” — Forget Zero Day Summer, it's MFA Fall. — https://www.bleepingcomputer.com/ ... @GossiTheDog@cyberplace.social · Kevin Beaumont
- Scoop: Hackers Stole Access Tokens from Okta's Support Unit — Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. … @briankrebs@infosec.exchange · BrianKrebs
- Okta's support organization was breached. This led to an attack on our and other Okta customers infrastructure. … Marc Maiffret
- Even cybersecurity companies aren't immune from cyber attacks. In fact, the dirty-little-secret is, they are lucrative targets if attackers are successful. … Matthew Rosenquist
- I understand that Okta would be a frequently attacked company because of what they do, but the regularity is becoming alarming. … Javed Ikbal
- What this means is that the hackers were living rent-free on Okta computers and freely reading and exfiltrating data Customers send sensitive data for support troubleshooting to Okta. … Sanjay Patel
- Coincidentally, I was talking with DocuSign this morning and we were talking about MFA and they kept touting the perfect security from their OKTA partner. … Evan Schuman
- Well? Last time I said “OKTA got breached”, a couple people objected. — How about this time? Jay Meier
- Unfortunately for Okta, this is their third recent incident. Attackers have figured out that third-party identity providers are just as valuable a target as the enterprises themselves. … Andrew Jaquith
Discussion
-
@marceloplima
Marcelo P. Lima
on x
$OKTA management is a joke. They completely messed up the sales team integration when they acquired Auth0, then fired the highly-paid executive in charge (Susan St. Ledger). Then, one of their support agents was hacked (May '22) and their crisis management was severely lacking...…
-
@kimzetter
Kim Zetter
on x
Worth highlighting that Okta discovered this only because Beyond Trust reported to them that someone was trying to hack BT using a session cookie stolen from Okta - Okta didn't believe BT, and it took them two weeks to confirm that, yes ,they had been breached
-
@gn3mes1s
@gn3mes1s
on x
Solid blogpost on the impact of okta support attack. - okta session hijack bypass mfa - admin action using prpxy - admin priv to non admin user
-
@beyondtrust
@beyondtrust
on x
BeyondTrust security teams discovered a breach of Okta Support unit impacting multiple organizations after detecting and preventing an identity-centric attack on an in-house Okta account https://beyondtrust.com/... #Okta #IdentitySecurityInsights [image]
-
@kimzetter
Kim Zetter
on x
On Oct 13, while Okta was investigating a breach of the company, its chief legal officer Larissa Schwartz ( https://www.okta.com/...) appears to have sold 3,578 of the company's shares, at a market value of $304,237. She still owns a lot of shares, though https://investor.okta.co…
-
@gergelyorosz
Gergely Orosz
on x
This is embarrassing for Okta. Both that it's a second breach: and how a customer of theirs detects Okta was breached before Okta does! “In fact, we contacted Okta about the breach of their systems before they had notified us.” Okta has one job: to keep things secure.
-
@kimzetter
Kim Zetter
on x
A really bad day for Okta How Cloudflare Mitigated Yet Another Okta Compromise “On Oct 18, we discovered attacks on our system that we were able to trace back to Okta - threat actors were able to leverage an authentication token compromised at Okta...” https://blog.cloudflare.com…
-
@dnlongen
David Longenecker
on x
It should come as no surprise that if identities are at the core of modern intrusion attempts, identity providers would be aggressively targeted by threat actors. Okta's support case management system breached to access case files: https://sec.okta.com/...
-
@marcmaiffret
Marc Maiffret
on x
Oct 2nd we prevented an attack on an Okta account. Forensics led us to believe that the point of entry was actually due to a compromise within Okta's Support environment. Okta has now confirmed that to be the case, other customers affected. https://www.beyondtrust.com/ ...
-
@rakeshlobster
Rakesh Agrawal
on x
A few weeks ago, Okta CEO wouldn't criticize Microsoft's security breach on @reckless podcast because it could happen to Okta, too. The more secure you say something is, the bigger the gantlet you're throwing down.
-
@seanwrightsec
Sean Wright
on x
Looks like it took Okta over a week to respond in any meaningful way. That's quite concerning if that was the case!
-
@kimzetter
Kim Zetter
on x
Hackers stole access tokens from Okta's support unit. “Okta says the incident affected a ‘very small number’ of customers, however it appears the hackers...had access to Okta's support platform for at least two weeks” https://krebsonsecurity.com/ ...
-
@buccocapital
BuccoCapital Guy
on x
At this point who is implementing Okta? Feels like they announce a breach every month
-
@_mg_
@_mg_
on x
So the front door into tons of companies (Okta) has such bad visibility for their own network that they can't find an intrusion that someone has actively flagged. Sleep well defense teams!
-
@gergelyorosz
Gergely Orosz
on x
Absolute savage and deserved. This is Cloudflare saying as indirectly as they can that Okta's practices are not up to par for an organisation that takes security seriously. Much less one that sells security. And they are... right? https://blog.cloudflare.com/ ... [image]