
Okta Issues a Warning to Users Amid Surge in Credential Stuffing Incidents

Providing detection and mitigation strategies.
Ryan Uliss
Contributing Writer

Okta, a leading identity and access management provider, has issued a warning regarding targeted credential stuffing attacks on its Customer Identity Cloud (CIC) feature. Since April 15, 2024, numerous customers have been affected by these attacks, which exploit the cross-origin authentication feature within the CIC. Credential stuffing involves using large lists of stolen usernames and passwords to breach online accounts, posing a significant security risk to affected users.

Okta’s cross-origin authentication feature, part of its Cross-Origin Resource Sharing (CORS) functionality, allows web applications to interact with the Okta API for secure authentication. However, this feature has become a focal point for cybercriminals, prompting Okta to issue guidance for detecting and mitigating these attacks.

Why it matters: The surge in credential stuffing attacks targeting Okta’s Customer Identity Cloud (CIC) is yet another example of the swiftly evolving tactics employed by cybercriminals. With secure identity management playing a critical role in preventing unauthorized access and protecting sensitive data, organizations are increasingly prioritizing efforts to ensure the integrity of authentication processes.

  • Mitigation Strategies: Okta recommends several mitigations, including rotating compromised user credentials, implementing passwordless authentication, enforcing strong password policies, and disabling unused cross-origin authentication features. Restricting the permitted origins for cross-origin requests and enabling breached password detection are also suggested.
  • Detection Recommendations: Okta advises administrators to monitor tenant logs for specific events such as ‘fcoa’ (failed cross-origin authentication), ‘scoa’ (successful cross-origin authentication), and ‘pwd_leak’ (attempts to log in with leaked passwords). Abnormal spikes in these events may indicate an attack.
  • Long-term Defense: To bolster defenses against credential stuffing, Okta advises organizations to adopt phishing-resistant authentication methods such as passkeys and to enforce multi-factor authentication (MFA). Regular monitoring and proactive security measures are crucial for mitigating these threats.
  • Historical Context: Okta has faced significant breaches in recent years. In 2022, the company was compromised by the LAPSUS$ hacking group through a third-party vendor, exposing customer support data. In 2023, a breach in Okta’s support case management system affected nearly 200 of its clients, highlighting the ongoing challenges in securing cloud-based identity management solutions.
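One way to act on the detection recommendation above, as an added example rather than Okta's own tooling: it parses newline-delimited JSON tenant log entries (the 'date', 'type' and 'ip' field names and the sample lines are assumed and constructed, not real data), counts the 'fcoa', 'scoa' and 'pwd_leak' events per five-minute window, flags a window whose count is both at least 10 and at least 5x the median of the other windows for that event type, and lists the source addresses behind a flagged window.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import median

WATCHED = ("fcoa", "scoa", "pwd_leak")  # event codes Okta's guidance says to watch

def _window_start(ts, window_minutes):
    """Floor a timestamp to the start of its fixed-size window (UTC)."""
    size = window_minutes * 60
    return datetime.fromtimestamp(int(ts.timestamp()) // size * size, tz=timezone.utc)

def parse_logs(text):
    """Parse newline-delimited JSON; 'date', 'type' and 'ip' are assumed field names."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        e = json.loads(line)
        ts = datetime.fromisoformat(e["date"].replace("Z", "+00:00"))
        events.append((ts, e["type"], e.get("ip")))
    return events

def find_spikes(events, window_minutes=5, min_events=10, ratio=5.0):
    """Windows where a watched type has >= min_events and >= ratio x its median elsewhere."""
    counts = Counter((_window_start(ts, window_minutes), kind)
                     for ts, kind, _ in events if kind in WATCHED)
    spikes = []
    for kind in WATCHED:
        per_window = {w: c for (w, k), c in counts.items() if k == kind}
        for w, c in sorted(per_window.items()):
            others = [v for x, v in per_window.items() if x != w] or [0]
            if c >= min_events and c >= ratio * max(median(others), 1):
                spikes.append((w.isoformat(), kind, c))
    return spikes

def top_sources(events, window_iso, kind, window_minutes=5, n=3):
    """Source IPs contributing the most events of `kind` inside a flagged window."""
    start = datetime.fromisoformat(window_iso)
    hits = Counter(ip for ts, k, ip in events
                   if k == kind and _window_start(ts, window_minutes) == start)
    return hits.most_common(n)

def constructed_sample():
    """Constructed (not real) log lines: 40 quiet minutes, then a burst of fcoa events."""
    base = datetime(2024, 4, 15, 10, 0, tzinfo=timezone.utc)
    quiet = [{"date": (base + timedelta(minutes=5 * i + m)).isoformat(), "type": kind, "ip": ip}
             for i in range(8) for m, kind, ip in ((0, "scoa", "192.0.2.5"), (1, "fcoa", "192.0.2.6"))]
    burst = [{"date": (base + timedelta(minutes=40, seconds=8 * i)).isoformat(), "type": "fcoa",
              "ip": "203.0.113.9" if i % 3 == 0 else "198.51.100.7"} for i in range(30)]
    return "\n".join(json.dumps(e) for e in quiet + burst)
```

On the constructed sample the quiet windows each hold one success and one failure, so only the 10:40 window with 30 failed cross-origin authentications is flagged, and top_sources shows which two addresses produced them.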

Go Deeper:
  • Okta Warns of Credential Stuffing Attacks Targeting its CORS Feature – Bleeping Computer
  • Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud – The Hacker News
  • Okta Warns Once Again of Credential-Stuffing Attacks – Dark Reading
