okta

Pierluigi Paganini May 30, 2024
Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

Identity and access management firm Okta warns of credential stuffing attacks targeting the Customer Identity Cloud (CIC) feature. Okta warns of credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April. A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous […]

Pierluigi Paganini April 28, 2024
Okta warns of unprecedented scale in credential stuffing attacks on online services

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last […]

Pierluigi Paganini November 29, 2023
Okta reveals additional attackers’ activities in October 2023 Breach

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including […]

Pierluigi Paganini November 03, 2023
Okta customer support system breach impacted 134 customers

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. […]

Pierluigi Paganini October 24, 2023
How did the Okta Support breach impact 1Password?

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta […]

Pierluigi Paganini October 21, 2023
Threat actors breached Okta support system and stole customers’ data

Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. Okta […]

Pierluigi Paganini September 02, 2023
Social engineering attacks target Okta customers to achieve a highly privileged role

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor […]

Pierluigi Paganini December 21, 2022
Okta revealed that its private GitHub repositories were hacked this month

American identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month. Okta revealed that its private GitHub repositories were hacked this month, the news was first reported by BleepingComputer which had access to ‘confidential’ email notification sent by Okta. According to the notification threat actors have stolen the Okta’s source code. “As soon […]

Pierluigi Paganini March 24, 2022
Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying

The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots […]

Pierluigi Paganini March 22, 2022
Lapsus$ extortion gang claims to have stolen sensitive data from Okta

The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s […]