195 views 2 mins 0 comments

Okta shares fall 11% after company says client files were accessed by hackers via its support system

In News
October 22, 2023
Okta shares fall 11% after company says client files were accessed by hackers via its support system

Stock prices often fall after a major breach is announced. Many will rebound quickly, but not all do. Here is an example from this past week of a firm taking a significant stock hit shortly after a breach was announced. CNBC reports:

Shares of cybersecurity firm Okta closed down 11.5% after the company said an unidentified hacking group had accessed files that “certain Okta customers” had uploaded to Okta’s support system.

Okta said the hackers were able to access the system using a stolen credential. Okta’s customer offerings, including its production service, were not impacted and are fully operational, the company said.ems, including FedEx and Zoom, according to the company.

Read more at CNBC. Okta is also facing criticism from some customers for failure to alert customers quickly, as a blog post by Beyond Trust suggests:

The incident began when BeyondTrust security teams detected an attacker trying to access an in-house Okta administrator account using a valid session cookie stolen from Okta’s support system. Custom policy controls blocked the attacker’s initial activity, but limitations in Okta’s security model allowed them to perform a few confined actions. BeyondTrust’s own Identity Security Insights tool alerted the team of the attack, and they were able to block all access and verify that that attacker did not gain access to any systems.

The initial incident response indicated a possible compromise at Okta of either someone on their support team or someone in position to access customer support-related data. We raised our concerns of a breach to Okta on October 2nd. Having received no acknowledgement from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.