Okta (NASDAQ:OKTA), which provides digital identity authentication services to big companies, confirmed Tuesday that it had suffered a security breach. Its stock plunged nearly 9% as reports piled in from over 300 customers who say they have been affected.
Okta is a sort of patchwork solution for authentication. You can federate your single sign-on (e.g., Active Directory) to tons of other solutions. Many enterprises today are using a dozen (or a hundred) different web apps, internal apps, SaaS solutions, cloud services, etc., and the problem Okta solves is not having to have every user manage a hundred logins and signups. So your typical user can sit down at his or her computer, log in to the domain, and then access Salesforce, Google Suite, etc. without having to constantly log in. Likewise, when that user leaves the organization, there’s only a single kill switch to manage.
Needless to say, discovering that a hacker is in the midst of all this fancy federation and sophisticated OATH authentication and such 21st-century wizardry is deeply concerning to the company’s over 15,000 clients.
Apparently, the nefarious parties involved hacked the laptop of a subcontractor, and then were able to impersonate him and have the same access he did from January 16 through January 21, 2022. That account didn’t have access to passwords, accounts, etc., and crucially didn’t have access to source code repositories, so the attackers probably didn’t have the ability to inject malware into the company’s products or dump client databases.
Regardless, any breach is serious when your primary mission is to provide safe and secure authentication. Analysts have downgraded the stock and it remains to be seen how severe the brand damage will be.