Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

November 4, 2024 at 06:41AM Okta identified a security flaw that could let attackers exploit usernames of 52 characters or more for AD/LDAP Delegated Authentication. This bug persisted for over three months before it was fixed on October 30. Okta advises customers to implement multi-factor authentication and check logs for suspicious activity since July 23. …

Okta warns of “unprecedented” credential stuffing attacks on customers

April 27, 2024 at 10:56AM Okta warns of a surge in credential stuffing attacks targeting its systems, using the Tor network and residential proxies. The attacks are successful against some customers, particularly those using Okta Classic Engine in Audit-only mode and not denying access from anonymizing proxies. Okta suggests measures to proactively block these attacks, including …

1Password discloses security incident linked to Okta breach

October 23, 2023 at 06:40PM Hackers breached the Okta support case management system, impacting 1Password. No user data from 1Password was compromised, but the breach involved an IT employee’s stolen session cookie. The threat actor attempted to manipulate authentication flows and gain unauthorized access. Okta confirmed the breach and both companies have taken steps to …