How To Lose Over 10% of the Value Of Your Company in an Instant: Another Okta Hack

If you ever need to justify investment in cybersecurity, it is a good idea to show your executive team what can happen to the share price of your company after a hack, along with the potential loss of trust and business. The price of Okta shares has dropped over the past few days due to a hack on their system [here].

This is worrying as Okta is used to integrate enhanced login and identity management systems for many large companies, including FedEx and Zoom. The hack, in fact, could have a massive impact on many companies across the world. The attack was discovered by Cloudflare (and follows a previous attack on Okta’s infrastructure) on 18 October 2023, and traced to Okta. It involved a valid authentication token being generated by adversaries, which they then used to pivot onto Cloudflare’s Okta instance. Luckily, Cloudflare was able to isolate it and stop the attack from going any further [here].

If it had been successful, the adversary could have gained access to the authentication tokens used by Okta, and used them to move onto the Cloudflare infrastructure. This includes the usage of hard tokens for multi-factor authentication. With Cloudflare’s Zero Trust architecture, the threat was easily detected and contained. But, for Okta, the details are worse: the adversary managed to hijack a session support ticket from Cloudflare. They then gained access to Okta’s customer support system and were able to access customer-sourced files. Luckily, Cloudflare detected these accesses.

As for Okta’s customers, it is recommended that they enable MFA (Multifactor Authentication) and do not just use hard keys to authenticate onto systems, and that every suspicious access is logged and investigated. It is also recommended that key access passwords be changed.
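
One way to act on the "log and investigate every suspicious access" advice is to flag an established session that suddenly appears from a different client, which is what a reused session token looks like in the logs. The sketch below is an added example, not code from Okta, Cloudflare or the original post; the flattened event fields (`session_id`, `ip`, `user_agent`) and all sample events are constructed assumptions, and a real identity provider's log will carry equivalent fields under its own names.

```python
# Constructed sample events (not real logs). Assumed fields: session_id identifies
# the authenticated session; ip and user_agent describe the client that presented it.
SAMPLE_EVENTS = [
    {"time": "2023-10-18T09:00:00Z", "user": "admin@example.com", "session_id": "sess-A",
     "ip": "198.51.100.10", "user_agent": "Chrome/118 macOS"},
    {"time": "2023-10-18T09:05:00Z", "user": "admin@example.com", "session_id": "sess-A",
     "ip": "198.51.100.10", "user_agent": "Chrome/118 macOS"},
    {"time": "2023-10-18T09:20:00Z", "user": "admin@example.com", "session_id": "sess-A",
     "ip": "203.0.113.77", "user_agent": "Firefox/118 Linux"},
    {"time": "2023-10-18T09:30:00Z", "user": "dev@example.com", "session_id": "sess-B",
     "ip": "198.51.100.22", "user_agent": "Safari/17 iOS"},
    {"time": "2023-10-18T09:45:00Z", "user": "dev@example.com", "session_id": "sess-B",
     "ip": "192.0.2.5", "user_agent": "Safari/17 iOS"},
]


def find_session_context_changes(events):
    """Flag events where an already-established session shows up from a new client."""
    seen = {}       # session_id -> set of (ip, user_agent) pairs already observed
    baseline = {}   # session_id -> (ip, user_agent) of the session's first event
    findings = []
    # Same-format ISO-8601 UTC timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        sid, ctx = ev["session_id"], (ev["ip"], ev["user_agent"])
        if sid not in seen:
            seen[sid], baseline[sid] = {ctx}, ctx
            continue
        if ctx in seen[sid]:
            continue  # same client as before, nothing new to report
        seen[sid].add(ctx)
        changed = [name for name, old, new in
                   (("ip", baseline[sid][0], ctx[0]),
                    ("user_agent", baseline[sid][1], ctx[1])) if old != new]
        # A browser does not change mid-session, so a user-agent change ranks
        # higher than an IP change alone (roaming, VPN), which still needs review.
        severity = "high" if "user_agent" in changed else "review"
        findings.append({"time": ev["time"], "user": ev["user"], "session_id": sid,
                         "changed": changed, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_session_context_changes(SAMPLE_EVENTS):
        print(finding)
```
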