May 30, 2024 at 07:54AM
Okta warns customers of credential stuffing attacks targeting its Customer Identity Cloud’s cross-origin authentication feature. The company advises reviewing logs for suspicious activity, rotating compromised passwords, and enrolling in passwordless authentication. Okta recommends strong password requirements, multi-factor authentication, and other security measures to mitigate the risks. Shares of Okta are trading higher after reporting increased revenue outlook.
From the meeting notes, it appears that Okta is warning its customers about credential stuffing attacks targeting the Customer Identity Cloud’s cross-origin authentication feature. The attacks have been ongoing since April 15, and Okta has advised customers to review logs for suspicious activity, rotate compromised passwords, and implement measures to mitigate the risks associated with credential stuffing.
To address the situation, Okta recommends enrolling users in passwordless, phishing-resistant authentication, enforcing strong password requirements, implementing multi-factor authentication (MFA), and enabling breached password detection for tenants. Furthermore, the company suggests disabling tenants that do not use cross-origin authentication, restricting permitted origins for cross-origin authentication, and enabling breached password detection for tenants.
It’s important to note that this warning comes after an earlier cyberattack in October 2023, where the names and email addresses of Okta’s customer support system users were stolen, but the Auth0/CIC support case management system was not affected. Additionally, in September, threat actors targeted Okta’s IT service desk personnel to convince them to reset MFA for high-privilege users at multiple US-based customers.
Finally, Okta’s pre-market trading on Thursday is up roughly 5% after the company reported its earnings and boosted its outlook, expecting revenue of $2.530 billion to $2.540 billion for the full year, representing a growth rate of 12% year-over-year. The company’s warning about credential stuffing attacks using Tor and residential proxies is also related to the current situation.
Let me know if there is any further information you require or if you need help with anything else.