Okta’s Latest Cyber Breach Knocks Billions Off Company Value

Not again. Another security breach admission from Okta wipes more than $2 billion off its market valuation.

The financial costs associated with cyberattacks have been demonstrated once again, after authentication specialist Okta admitted it has suffered another breach.

Last Friday, Okta in a blog post admitted that an unidentified hacking group had accessed client files through a support system. The company did not provide exact details, other than a set of technical identifiers.

The news had an immediate impact on Okta’s share price, which dropped 11 percent from a Friday high of $83.63. On Monday the share price continued to fall another 8.1 percent, wiping more than $2 billion off the market value of the firm.

Okta offices in Bellevue, Washington. Image credit: Okta

2022 breach

Things have still not improved as of Wednesday afternoon, with its share price down a further 4 percent to $69.03, valuing the firm at $11.3 billion.

Okta makes identity management solutions and is a high-profile target for hackers.

In March 2022 Okta famously admitted that it “made a mistake” and “would have made a different decision” over its lengthy breach admission last year.

The 2022 incident occurred when Okta discovered it had been hacked by the Brazilian-based hacking group Lapsus$, and the extortionist group then posted screenshots on its Telegram channel of what it claimed was internal Okta information.

At first Okta had denied it was breached, and said the alleged hack could be related to a previously undisclosed incident in January 2022 that had since been contained.

The fact that it took the firm over two months to notify people of that incident, coupled with chief security officer David Bradbury insisting that there were “no corrective actions that need to be taken by our customers,” did not go down well in some quarters at that time.

Matters were not helped when Okta later admitted that 2.5 percent of its customers were potentially impacted in the 2022 breach.

Other breaches

Okta has also been at the centre of other higher-profile incidents. Earlier this year, for example, casino giants Caesars and MGM were both affected by hacks.

Caesars was reportedly forced to pay millions in ransom to a hacking group.

MGM had to shut down critical systems, a step it acknowledged in an SEC filing would have a material effect on its bottom line.

The direct and indirect losses from those incidents totalled over $100 million, CNBC reported.

Both those attacks targeted MGM and Caesars’ Okta installations, using a sophisticated social engineering attack that went through IT help desks.

Three other companies were also targeted by the hacking group, an Okta executive reportedly told Reuters.

Latest breach

In the data breach disclosed last week, Okta said it had “identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system.”

“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” the firm said. “It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.”

Okta said all customers who were impacted by this have been notified.

But according to the CNBC report, at least one of those clients said it had alerted Okta about a potential breach weeks earlier.

In a separate post last Friday, identity management firm BeyondTrust said it had told Okta’s security teams about suspicious activity in BeyondTrust’s own Okta systems on 2 October.

Okta didn’t initially acknowledge the incident as a breach after BeyondTrust alerted the company, despite what BeyondTrust described as concerns that “there was a high likelihood of compromise within Okta support and that we were likely not the only customer impacted.”

“We raised our concerns of a breach to Okta on October 2nd,” BeyondTrust blogged. “Having received no acknowledgement from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.”

Meanwhile Jake Williams, faculty member at cybersecurity consultants IANS Research and a former hacker for the US National Security Agency (NSA), offered his insight into the incident.

“The issue is bigger than Okta,” said Williams. “It’s unfortunately common for service providers of any size to have trouble believing they are the source of an incident until definitive proof is offered.”

“There’s a pattern here with Okta, and it involves outsourced support,” said Williams. “Okta’s suggestion – that somehow the customer must be responsible for stripping session tokens from the files they specifically request for troubleshooting purposes – is absurd. That’s like handing a knife to a toddler and then blaming the toddler for bleeding.”