Since disclosing a security breach of its support systems Friday, Okta has shed more than $2 billion from its market valuation “Okta shares slumped more than 11% Friday after the company said an unidentified hacking group was able to access client files through a support system,” reports CNBC. “The company did not provide more details beyond a set of technical identifiers. The company’s stock continued to fall in Monday trading, ultimately closing down 8.1%.” From the report:
Okta is a lesser-known name but forms a critical part of cybersecurity systems at major corporations. The identity management company boasts more than 18,000 customers who use its products to provide a single login point for many different platforms that a given company uses. Zoom, for example, uses Okta to give “seamless” access through a single login to the company’s Google Workspace, ServiceNow, VMware and Workday platforms. Okta said it had communicated with all affected clients in Friday’s announcement. At least one of those clients said it had alerted Okta about a potential breach weeks earlier. […]
Okta has also been at the center of other higher-profile incidents. Earlier this year, for example, casino giants Caesars and MGM were both affected by hacks. Caesars was forced to pay millions in ransom to the hacking group, sources told CNBC. MGM had to shut down critical systems that the company acknowledged would have a material effect on its bottom line in an SEC filing. The direct and indirect losses from those incidents totaled over $100 million. Both those attacks targeted MGM and Caesars’ Okta installations, using a sophisticated social engineering attack that went through IT help desks. Three other companies were also targeted by the hacking group, an Okta executive told Reuters.
Okta has also been a target before. A hacking group purportedly accessed numerous Okta systems in a March attempt. That group, Lapsus$, has been tied to hacking attacks at Uber and Grand Theft Auto maker Rockstar Games, a subsidiary of Take-Two Interactive, according to a report from the Cybersecurity and Infrastructure Security Agency.
Originally Posted at https://slashdot.org/