Okta customers report impact of most recent breach
The scope and scale of Okta's most recent breach are still coming together as new customers come forward to share details about how they were targeted.
Why it matters: Okta — which provides single sign-on and multifactor authentication tools — has taken a serious financial hit since it disclosed Friday that hackers had stolen some of its support case management system files.
Driving the news: On Oct. 20, Okta said that a hacker had used a stolen password to access the company's support case management system.
- Journalist Brian Krebs first reported the news. An Okta spokesperson told Axios the incident has resulted in "minimal" customer impact.
- The company has lost more than $2 billion in market cap since the disclosure, per CNBC.
The big picture: This is just the latest breach in a running list of recent incidents targeting Okta customers.
- Last month, the hackers who targeted MGM Resorts and Caesars Entertainment also attacked three other Okta customers, the company told Reuters.
- Hackers also attacked a third-party vendor in January 2022 to gain access to Okta's network, ultimately accessing information about more than 360 customers.
- During an interview before the most recent incident's disclosure, Okta CEO Todd McKinnon told Axios that the company already has strict internal cybersecurity protocols.
- "Our bar is as high as it can be," he said.
Details: So far, three companies have identified themselves as targets of the latest cybersecurity incident.
- BeyondTrust, another identity management company, said in a post Friday that it first alerted Okta to suspicious activity targeting an Okta administrator on Oct. 2.
- Cloudflare released a post Friday detailing how it thwarted an attacker who had tried hijacking its Okta instance.
- 1Password said Monday that it first detected malicious activity tied to the Okta incident on Sept. 29, but the company said it was able to stop the attack.
The intrigue: Hackers collected customers' HTTP archive (HAR) files, which Okta's support team uses to replicate customers' problems when they call for support.
- These files include authentication cookies and session tokens, which allow hackers to impersonate users on a legitimate network.
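An added example, not from the article or from Okta: one way to strip session material from a HAR capture before it is shared with a support desk. The header list, the parameter-name pattern and the sample capture are assumptions constructed for illustration, and request and response bodies are not handled here.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed, non-exhaustive lists of credential-bearing names; extend for your apps.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_PARAM = re.compile(r"token|session|secret|passw|sid", re.IGNORECASE)
REDACTED = "REDACTED"

def scrub_url(url):
    """Redact sensitive query-string values inside a request URL."""
    parts = urlsplit(url)
    pairs = [(k, REDACTED if SENSITIVE_PARAM.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def sanitize_har(har):
    """Return (sanitized deep copy, number of values redacted)."""
    clean, count = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        if "url" in request:
            request["url"] = scrub_url(request["url"])
        for param in request.get("queryString", []):
            if SENSITIVE_PARAM.search(param.get("name", "")):
                param["value"], count = REDACTED, count + 1
        for message in (request, entry.get("response", {})):
            for header in message.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"], count = REDACTED, count + 1
            # HAR keeps parsed cookies in their own array, apart from raw headers.
            for cookie in message.get("cookies", []):
                cookie["value"], count = REDACTED, count + 1
    return clean, count

# Constructed sample capture (hypothetical host and values, trimmed to the fields used).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "url": "https://sso.example.test/home?sessionToken=CONSTRUCTED-TOKEN&tab=apps",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-SID"},
                    {"name": "Accept", "value": "text/html"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SID"}],
        "queryString": [{"name": "sessionToken", "value": "CONSTRUCTED-TOKEN"},
                        {"name": "tab", "value": "apps"}]},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SID-2; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SID-2"}]}}]}}
```

The function works on a copy, so the original capture stays intact for local debugging while only the sanitized version leaves the machine.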
Yes, but: Okta is still investigating who was behind the attack and how they broke in.