Okta Breach Widens to Affect 100% of Customer Base

Thus, Okta is warning all of its customers to be prepared for similar phishing and social engineering cyber-scams. "Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering attacks directed at these users," Bradbury wrote. "While 94% of Okta customers already require MFA for their administrators, we recommend all Okta customers employ MFA and consider the use of phishing-resistant authenticators to further enhance their security."

The company added that it does not have any evidence the compromised Okta customer data is being actively exploited yet, however.

Cybersecurity experts advise Okta customers to focus on cybersecurity best practices, including user training. "What is needed to secure Okta customers is a focus on best practices; for example, 6% of their users do not have multifactor authentication enabled," says Viakoo CEO Bud Broomhead. "Likewise, setting session timeouts or requiring reauthentication for sessions from a new IP address should be done across all Okta users."

That bit of bad news for Okta customers was tempered by another piece of data out of Okta on Nov. 29. According to its latest quarterly financial report, the company announced that it has seen a more than 20% increase in revenues. The bottom-line growth increase is marked for the quarter ending Oct. 31, the same quarter Okta's systems were used in high-profile breaches of MGM and Caesars.

"Our Q3 performance was highlighted by solid top-line growth, record non-GAAP operating profit, and record free cash flow," Todd McKinnon, CEO and co-founder of Okta, said in a statement about the company's earnings. "We are particularly enthusiastic about the adoption of Okta Identity Governance and the general availability of Okta Privileged Access, which uniquely positions us as the only unified modern identity platform. Over 18,800 leading organizations around the world put their trust in Okta and we are thankful for their continued partnership."

The news of the leaked customer data did drive down Okta stock prices when it happened, but the investor fallout appears to be hovering in the single digits. That said, the time lag for sales revenues to be impacted by major cyber incidents like the ones Okta has experienced should be taken into account when analyzing whether the breach impacted the brand, according to Jasson Casey, CEO of Beyond Identity.

"The sales cycle for midmarket customers is typically three to four months, while the enterprise sales cycle can be six-plus months," Casey tells Dark Reading.

Casey tells Dark Reading that personally, he's seeing a market shift away from Okta. "Anecdotally, we're seeing a large number of companies actively search for migration pathways from Okta to other SSO platforms due to the continued string of news related to Okta security practices," he adds. "Okta has a hard road in front of them to convince the mid/enterprise market that security is a foundational principle given their continued missteps over the last two years."

Okta did not immediately return a request for comment from Dark Reading.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 22:55:27 +0000

