Okta (NASDAQ:OKTA), which provides digital identity authentication services to big companies, confirmed Tuesday that it had suffered a security breach.  Their stock plunged nearly 9% as reports piled in from over 300 customers who say they have been affected.

Okta is a sort of patchwork solution for authentication.  You can federate your single sign on (e.g., Active Directory) to tons of other solutions.  Many enterprises today are using a dozen (or a hundred) different web apps, internal apps, SaaS solutions, cloud services, etc. and the problem Okta solves is not having to have every user manage a hundred logins and signups.  So your typical user can sit down at his or her computer, login to the domain, and then access Salesforce, Google Suite, etc. without having to constantly login.  Likewise, when that user leaves the organization, there’s only a single kill switch to manage.

Needless to say, discovering that a hacker is in the midst of all this fancy federation and sophisticated OATH authentication and such 21st century wizardry is deeply concerning to the company’s over 15,000 clients.

Apparently, the nefarious parties involved hacked the laptop of a subcontractor, and then was able to impersonate him and have the same access he did from January 16 through January 21, 2022.  That account didn’t have access to passwords, accounts, etc., and crucially didn’t have access to source code repositories, so he probably didn’t have the ability to inject malware into the company’s products or dump client databases.

Regardless, any breach is serious when your primary mission is to provide safe and secure authentication.  Analysts have downgraded the stock and it remains to be seen how severe the brand damage will be.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• Should You Change Your Windows RDP Port?Yes. - April 23, 2024
• DediRock: Not Just Dedicated Servers!They Have Cheap VPSes in Buffalo and Los Angeles, Too! - April 23, 2024
• You Don’t Want to Start a Hosting Company: A Parallel From History - April 22, 2024