Okta Inc (NASDAQ: OKTA), a major provider of cybersecurity solutions for corporate enterprises, businesses, and government organizations, is currently grappling with the aftermath of a severe security breach that has led to a staggering loss of over $2 billion in its market valuation.
According to CNBC, the company’s shares plummeted more than 11% on Friday in immediate response to the breach. The downward trajectory continued on Monday, resulting in an 8.1% loss at the close of the market. Despite the company’s reassurances that affected clients were promptly notified, revelations indicated that one client had alerted Okta about a potential breach weeks before the official disclosure.
Okta Customer Warns of Potential Cybersecurity Breach
Okta announced on October 20 that hackers exploited a vulnerability in its support systems, giving them unauthorized access to certain customers’ files. Although not as widely recognized as some of its industry counterparts, Okta boasts a substantial client base of over 18,000 businesses, including the popular video conferencing platform Zoom.
Zoom relies on Okta’s services to give users seamless access, through a unified login process, to various platforms such as Google Workspace, ServiceNow, VMware, and Workday.
In its announcement on Friday, Okta said it had communicated with all the customers affected by the exploits. However, in a separate report, BeyondTrust, an identity management company, said it detected suspicious activity within its systems on October 2.
Although BeyondTrust alerted Okta’s security team to the potential breach, its warnings were initially overlooked, ultimately leading to the security breach. However, BeyondTrust said it was able to thwart the attack and remedy the situation.
“On October 2, 2023, the BeyondTrust security team detected an identity-centric attack on an in-house Okta administrator account. We immediately detected and remediated the attack through our Identity Security tools, resulting in no impact or exposure to BeyondTrust’s infrastructure or our customers.”
In September, another affected customer, 1Password, a widely used password management platform serving over 100,000 businesses, also identified suspicious activity within its Okta ID management tenant. Subsequently, in October, the hacker attempted to exploit the company. The company promptly collaborated with Okta to counter the threat, working hand in hand to identify how the attackers gained access to the company’s systems.
Not the First Exploit on Okta
The recent incident is not the first security issue Okta has encountered. In the past, there have been several incidents involving Okta or its products, including intrusions at casinos that caused disruptions in Las Vegas hotel rooms for several days.
Earlier this year, well-known casino companies Caesars and MGM encountered similar hacks. Caesars reportedly had to pay a significant amount of money to a hacking group, while MGM had to temporarily shut down crucial systems, leading to substantial financial losses.
The collective impact of these incidents amounted to over $100 million. The attacks on MGM and Caesars involved a clever social engineering approach that exploited weaknesses in the companies’ IT help desks. According to an Okta executive, the hacking group Lapsus$ also recently targeted three other businesses.
Before recent events, Okta was already targeted by the group in March.
According to a Cybersecurity and Infrastructure Security Agency report, the same group has also been linked to hacking activities at major companies like Uber and the video game developer Rockstar Games, a subsidiary of Take-Two Interactive.