Authentication specialist Okta faced another blow last week as it admitted to yet another security breach, resulting in a substantial decline in its market valuation. Last Friday, in a revealing blog post, Okta disclosed that an anonymous hacking group had penetrated its defense through a support system, gaining access to client files. Although the company did not furnish more specifics, they did share a set of technical identifiers for the breach. The consequences of this announcement were instant. Okta’s share price plunged 11% from a Friday high of $83.63. The downward trend persisted with Monday observing an 8.1% drop, erasing more than $2 billion from the company’s market capitalization. As of Wednesday, the share price deteriorated further, down by an additional 4% to $69.03, positioning the firm at a valuation of $11.3 billion.
Financial Impact on Okta
Immediate Share Price Impact: Okta’s shares plummeted by 11% on Friday following the breach announcement. Continued Decline: The share price descended further, closing 8.1% down on Monday. Total Market Value Loss: The firm lost over $2 billion in market valuation since its Friday announcement.
History of Breaches and Impact
Unfortunately for Okta, this isn’t a singular incident. The company faced backlash in March 2022 when it reluctantly confessed to a breach orchestrated by the Brazilian hacking group, Lapsus$. This group boasted about their conquest by posting alleged internal Okta screenshots on their Telegram channel. Initially, Okta dismissed the breach, associating it with an undisclosed January 2022 event. Their delayed response of over two months, combined with Chief Security Officer, David Bradbury’s stance that customers didn’t need to take corrective actions, stirred controversy. Furthermore, Okta’s past isn’t untarnished. It has been associated with other significant security incidents. Prominently, casino behemoths Caesars and MGM suffered hacks: Caesars: Compelled to pay millions as ransom to a hacking entity. MGM: Forced to deactivate critical systems, leading to substantial financial ramifications acknowledged in an SEC filing. These incidents collectively led to losses exceeding $100 million. Both attacks were linked to MGM and Caesars’ Okta installations, executed through an intricate social engineering attack directed at IT help desks. According to an executive from Okta, three other businesses were victims of this hacking group.
The Current Breach
In the recent data breach, Okta stated, “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.” However, they emphasized that this compromised system is distinct from the operational production service, which remains unaffected. They further clarified that their Auth0/CIC case management system remained untouched in this breach. All affected customers have reportedly been informed. However, a contradicting report by CNBC suggests that BeyondTrust, one of Okta’s clients, had forewarned Okta of a potential breach weeks prior. This claim is bolstered by BeyondTrust’s assertion that they notified Okta’s security team of suspicious activities on October 2nd. They voiced concerns over a probable breach within Okta support but received acknowledgment only on October 19th.
Jake Williams, an expert at IANS Research and a former US National Security Agency (NSA) hacker, provided his insights. He mentioned, “The issue is bigger than Okta.” Highlighting the frequent denial of service providers regarding the possibility of them being a breach source, he identified a pattern with Okta. Williams criticized Okta’s standpoint that customers should remove session tokens from files, equating it to “handing a knife to a toddler and then blaming the toddler for bleeding.”
CNBC has extensively reported on Okta’s situation, noting its integral role in cybersecurity across major corporations. Boasting over 18,000 clients, Okta offers products that enable users to access multiple platforms with a single login. Examples include Zoom, which employs Okta to facilitate access to Google Workspace, ServiceNow, VMware, and Workday platforms.
The recurring breaches emphasize the critical importance of cybersecurity in today’s digital age, where even industry leaders like Okta are not immune. As cyber threats continue to evolve, businesses must remain vigilant, continually updating and fortifying their defenses.