Security News > 2024 > April > Okta warns of "unprecedented" credential stuffing attacks on customers

Okta warns of "unprecedented" credential stuffing attacks on customers
2024-04-27 14:55

Okta warns of an "Unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.

In an advisory today, Okta says the attacks seem to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos [1, 2]. In all attacks that Okta observed the requests came through the TOR anonymization network and various residential proxies.

Okta says the observed attacks were particularly successful against organizations running on the Okta Classic Engine with ThreatInsight configured in Audit-only mode rather than Log and Enforce mode.

The attacks were successful for a small percentage of customers Okta said.

Roku warns 576,000 accounts hacked in new credential stuffing attacks.

Retail chain Hot Topic hit by new credential stuffing attacks.


News URL

https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Okta 8 1 4 5 0 10