November 4, 2024 at 06:41AM Okta identified a security flaw that could let attackers exploit usernames of 52 characters or more for AD/LDAP Delegated Authentication. This bug persisted for over three months before it was fixed on October 30. Okta advises customers to implement multi-factor authentication and check logs for suspicious activity since July 23. … Read more
April 27, 2024 at 10:56AM Okta warns of a surge in credential stuffing attacks targeting its systems, using TOR network and residential proxies. The attacks are successful against some customers, particularly those using Okta Classic Engine in Audit-only mode and not denying access from anonymizing proxies. Okta suggests measures to proactively block these attacks, including … Read more
October 23, 2023 at 06:40PM Hackers breached the Okta support case management system, impacting 1Password. No user data from 1Password was compromised, but the breach involved an IT employee’s stolen session cookie. The threat actor attempted to manipulate authentication flows and gain unauthorized access. Okta confirmed the breach and both companies have taken steps to … Read more