Okta is a lesser-known name but forms a critical part of cybersecurity systems at major corporations. The identity management company boasts more than 18,000 customers who use its products to provide a single login point for many different platforms that a given company uses. Zoom, for example, uses Okta to give “seamless” access through a single login to the company’s Google Workspace, ServiceNow, VMware and Workday platforms. Okta said it had communicated with all affected clients in Friday’s announcement. At least one of those clients said it had alerted Okta about a potential breach weeks earlier. […]
Okta has also been at the center of other higher-profile incidents. Earlier this year, for example, casino giants Caesars and MGM were both affected by hacks. Caesars was forced to pay millions in ransom to the hacking group, sources told CNBC. MGM had to shut down critical systems that the company acknowledged would have a material effect on its bottom line in an SEC filing. The direct and indirect losses from those incidents totaled over $100 million. Both those attacks targeted MGM and Caesars’ Okta installations, using a sophisticated social engineering attack that went through IT help desks. Three other companies were also targeted by the hacking group, an Okta executive told Reuters.
Okta has also been a target before. A hacking group purportedly accessed numerous Okta systems in a March attempt. That group, Lapsus$, has been tied to hacking attacks at Uber and Grand Theft Auto maker Rockstar Games, a subsidiary of Take-Two Interactive, according to a report from the Cybersecurity and Infrastructure Security Agency.
Originally Posted at https://slashdot.org/