Cyberattacks are costly, and not just for enterprises and consumers – technology vendors like Okta can also pay a dear price.

After Okta disclosed it had detected “adversarial activity that leveraged access to a stolen credential” to breach the company’s support management system and infiltrate client records, the identity and access management supplier saw its market cap collapse. Over the course of a week, the company’s share price plummeted by 9% and the company lost nearly $2bn in its valuation.

Okta said it had notified the 200 clients impacted by the breach. The company has a customer base of 18,000 companies. The vendor said the incident likely happened when hacked into customer HTTP Archive files and were able to copy browser activity to pretend to be users to access resources. Okta said it has taken actions to prevent from happening again. Three of its industry peers, 1Password, BeyondTrust, and Cloudflare alerted Okta to the breach.

This is not the first or even second time the security vendor’s technology has been targeted by threat actors. The recent incident is eerily similar to a breach in March 2022 in which cyber attackers breached a subprocesssor used in customer support work.  

And in September of this year, Caesars Entertainment and MGM International were both hacked when cyber criminals breached their Okta agent, a client that interfaces with an organization’s Active Directory

Okta Agent, is the lightweight client that connects to an organization’s Active Directory. Employing social engineering, using staff information collected from LinkedIn the hackers called the help desk for access help, through which they were then able to infiltrate the Okta agent and infect the casinos’ IT estate.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The breaches ultimately cost both companies.

Caesars paid a $15m ransomware demand, while MGM, which shut down most of its IT infrastructure including its web site and gambling floor for a period lost approximately $100m.