Okta customers report impact of most recent breach

The scope and scale of Okta's most recent breach is still coming together as new customers come forward to share details about how they were targeted.

Why it matters: Okta — which provides single sign-on and multifactor authentication tools — has taken a serious financial hit since it disclosed Friday that hackers had stolen some of its support case management system files.

Driving the news: On Oct. 20, Okta said that a hacker had used a stolen password to access the company's support case management system.

• Journalist Brian Krebs first reported the news. An Okta spokesperson told Axios the incident has resulted in "minimal" customer impact.
• The company has lost more than $2 billion in market cap since the disclosure, per CNBC.

The big picture: This is just the latest breach in a running list of recent incidents targeting Okta customers.

• Last month, the hackers who targeted MGM Resorts and Caesars Entertainment also attacked three other Okta customers, the company told Reuters.
• Hackers also attacked a third-party vendor in January 2022 to gain access to Okta's network, ultimately accessing information about more than 360 customers.

Between the lines: Okta counts several major companies as customers — including FedEx, T-Mobile and OpenAI — making the company a prime target for intruders looking to break into these systems.

• During an interview before the most recent incident's disclosure, Okta CEO Todd McKinnon told Axios that the company already has strict internal cybersecurity protocols.
• "Our bar is as high as it can be," he said.

Details: So far, three companies have identified themselves as targets of the latest cybersecurity incident.

• BeyondTrust, another identity management company, said in a post Friday that it first alerted Okta to suspicious activity targeting an Okta administrator on Oct. 2.
• Cloudflare released a post Friday detailing how it thwarted an attacker who had tried hijacking its Okta instance.
• 1Password said Monday that it first detected malicious activity tied to the Okta incident on Sept. 29, but the company said it was able to stop the attack.

The intrigue: Hackers collected customers' HTTP archive, or HAR files, which Okta's support team uses to replicate customers' problems when they call for support.

• These files include authentication cookies and session tokens, which allow hackers to impersonate users on a legitimate network.

Yes, but: Okta is still investigating who was behind the attack and how they broke in.