Okta’s Market Valuation Takes a Hit After the Identity Management Company Discloses Breach

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Okta admitted on October 20, 2023 that the company detected “adversarial activity that leveraged access to a stolen credential” to breach the company’s support management system.

• The cybercriminal tapped into customer files as part of recent support incidents; Okta was careful to note that the support case management system is distinct from the production Okta service.

Cyberattacks are expensive, and not just for enterprises and consumers. After Okta disclosed that threat actors had breached its customer support systems, the identity and access management supplier saw its market cap collapse. Over the course of a week, the company’s share price plummeted by 9%, and the company lost nearly $2 billion in its valuation.

Okta said it had notified the 200 clients impacted by the breach. The company has a customer base of 18,000 companies. The vendor said the incident likely happened when threat actors hacked into customer HTTP archive (HAR) files and were able to copy browser activity to pretend to be users to access resources. Okta said it has taken measures to revoke session tokens and remediate the incident. Three of its industry peers, 1Password, BeyondTrust, and Cloudflare, alerted Okta to the breach.
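Because HAR files record cookies and authorization headers alongside browser activity, stripping those values before a capture is shared limits what a stolen file can be replayed for. The following Python is an added example, not code from Okta or the original article; the sensitive header and parameter names, the `sanitize_har` function, and the sample capture are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Which names count as credentials is this example's assumption; extend per app.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "sessiontoken", "code"}
REDACTED = "REDACTED"

def _scrub_pairs(pairs, sensitive=None):
    """Redact values in a HAR name/value list; sensitive=None redacts all."""
    count = 0
    for pair in pairs or []:
        if sensitive is None or pair.get("name", "").lower() in sensitive:
            pair["value"] = REDACTED
            count += 1
    return count

def _scrub_url(url):
    """Redact sensitive query parameters embedded in the request URL."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized_copy, redaction_count); the input is not modified."""
    clean = copy.deepcopy(har)
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        request["url"] = _scrub_url(request.get("url", ""))
        for msg in (request, entry.get("response", {})):
            count += _scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            count += _scrub_pairs(msg.get("cookies"))  # every cookie value
            count += _scrub_pairs(msg.get("queryString"), SENSITIVE_PARAMS)
        post = request.get("postData")
        if post:  # form bodies can carry tokens: redact params, drop raw text
            count += _scrub_pairs(post.get("params"), SENSITIVE_PARAMS)
            post["text"] = REDACTED
    return clean, count

# Constructed sample capture (not real data): one request carrying a session.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"url": "https://example.test/app?token=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "token", "value": "abc123"},
                                {"name": "page", "value": "2"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w"}]}}]}}
```

Response bodies (`content.text`) are not inspected here and can also contain tokens, so they need separate review before a capture is shared.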

While Okta stressed that neither its production service nor its Auth0/CIC case management was breached, the effect of the incident is a lingering one, because this is not the first or even second time the security vendor’s technology has been targeted by threat actors. The recent incident is eerily similar to a breach in March 2022 in which cyber attackers breached a subprocessor used in customer support work.

And in September 2023, Caesars Entertainment and MGM International both suffered from hacks when cyber criminals breached their Okta agent, a client that interfaces with an organization’s Active Directory.

Okta Agent is the lightweight client that connects to an organization’s Active Directory. Using staff information collected from LinkedIn for social engineering, the hackers called the help desk for access help, through which they were then able to infiltrate the Okta agent and infect the casinos’ IT estate.

The breaches ultimately cost both companies. Caesars paid a $15 million ransomware demand. MGM, which shut down most of its IT infrastructure, including its website and gambling floor for a period, lost approximately $100 million.
