Okta’s market value plummeted by over $2 billion post the revelation of a security breach in its support systems. This occurrence joins a list of previous security issues linked to Okta and its services, notably the cyber attacks on casinos that left numerous Las Vegas hotel rooms inoperative for days.
After announcing an unknown hacker group’s penetration into client files via a support system on Friday, Okta’s shares took an 11% dip. The disclosure lacked further details, presenting only technical markers. By the close of trading on Monday, the stock had declined by another 8.1%.
Although not a household name, Okta plays a pivotal role in the cybersecurity infrastructure for major companies. As an identity management entity, over 18,000 customers rely on its tools for centralized login across varied platforms. Notably, Zoom employs Okta to facilitate a singular access point to its suite of applications, including Google Workspace, ServiceNow, VMware, and Workday.
Okta reported reaching out to all impacted clients post the Friday revelation. However, BeyondTrust, a private identity management firm, claimed it had informed Okta about potential vulnerabilities weeks before. BeyondTrust had detected irregular activities in their Okta systems on Oct. 2 and communicated their concerns, suggesting a significant likelihood of a compromise within Okta’s support.
Additionally, Okta’s system faced scrutiny earlier when casino powerhouses Caesars and MGM suffered from cyber attacks. Caesars ended up disbursing millions in ransom, as sources shared with CNBC. MGM underwent system shutdowns, anticipating a considerable impact on its revenue, as stated in an SEC filing. The cumulative losses from these events exceeded $100 million. The attackers primarily exploited MGM and Caesars’ Okta systems via intricate social engineering strategies involving IT help desks. An Okta official confirmed to Reuters that three more firms had faced similar threats from the cybercriminal group.
Previously, in March, the hacking group Lapsus$ reportedly breached multiple Okta systems. This group is also linked with cyber attacks on Uber and Rockstar Games, a Take-Two Interactive division, as noted by the Cybersecurity and Infrastructure Security Agency.