UPDATED 19:18 EST / OCTOBER 22 2023

SECURITY

Okta shares drop after identity company discloses yet another data breach

Shares in Okta Inc. dropped Friday after the identity and access management company disclosed yet another data breach.

The breach is officially described by Okta as involving “adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system.” Using the stolen credentials, the threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.

Okta noted that the support case system is separate from the production Okta service, which has not been affected by the breach. The company’s Auth0/CIC case management system was also not involved.

All affected customers have been notified, and the company said it is also working with impacted customers to investigate the attack further. Okta is also recommending that customers sanitize all credentials and cookies/session tokens within an HAR file before sharing it. Okta did not disclose how many customers were affected or how the stolen credentials were obtained.
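One way to carry out the HAR sanitization Okta recommends, shown as an added example that is not Okta's or SiliconANGLE's code: it walks the standard HAR layout (`log.entries[].request` / `response`) and redacts auth headers, cookies, token-like query parameters and message bodies. The lists of sensitive names and the sample capture are assumptions constructed for illustration.

```python
import re

REDACTED = "[REDACTED]"
# Assumed name lists; over-matching is deliberate, extend them for your environment.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_NAME = re.compile(r"token|session|sid|secret|passw|api[_-]?key|saml", re.I)

def _scrub_pairs(pairs, always=False):
    """Redact values in a HAR name/value list; return how many were redacted."""
    hits = 0
    for pair in pairs or []:
        name = pair.get("name", "")
        if always or name.lower() in SENSITIVE_HEADERS or SENSITIVE_NAME.search(name):
            pair["value"] = REDACTED
            hits += 1
    return hits

def _scrub_url(url):
    """Redact sensitive query-string values embedded in the request URL itself."""
    keep = lambda m: m.group(1) + REDACTED if SENSITIVE_NAME.search(m.group(2)) else m.group(0)
    return re.sub(r"([?&]([^=&#]+)=)[^&#]*", keep, url)

def sanitize_har(har):
    """Redact credentials, cookies and session tokens in place; return the hit count."""
    hits = 0
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            hits += _scrub_pairs(msg.get("headers"))
            hits += _scrub_pairs(msg.get("cookies"), always=True)
        hits += _scrub_pairs(req.get("queryString"))
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
        post = req.get("postData") or {}
        hits += _scrub_pairs(post.get("params"))
        for body in (post, resp.get("content") or {}):
            if "text" in body:  # raw bodies can repeat the same secrets
                body["text"] = REDACTED
                hits += 1
    return hits

# Constructed sample capture (not from a real session).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?sid=abc123&page=2",
                "headers": [{"name": "Authorization", "value": "Bearer abc"}],
                "queryString": [{"name": "sid", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=abc123"}],
                 "cookies": [{"name": "sid", "value": "abc123"}],
                 "content": {"text": "<html>token=abc</html>"}}}]}}
```

Load a real capture with `json.load`, run `sanitize_har` on it, and review the output by eye before attaching it to a support case, since secrets can also sit under names this list does not cover.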

Where the story gets interesting is that one of the affected customers, BeyondTrust Corp., has come forward and disclosed its experience, and it’s not a good look for Okta. The company said that it had detected an identity-centric attack on an in-house Okta administrator account on Oct. 2, but after alerting Okta the same day and then following up, it had no response for over a week.

“We raised our concerns of a breach to Okta on October 2nd,” BeyondTrust writes. “Having received no acknowledgment from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.”

Cloudflare Inc. has also come forward, saying that on Oct. 18, it discovered attacks on its systems that it traced back to Okta. Although Cloudflare was able to protect its customers, the company pointed specifically to the BeyondTrust report and Okta’s lack of response, recommending that Okta take any report of compromise seriously and act on it immediately to limit damage.

This isn’t the first time Okta has suffered a breach and unfortunately, the company is starting to look like it has broader security issues. If BeyondTrust’s report is accurate, at the very least, it has in-house management problems. The new breach may turn out to be minor, but the company’s shares weren’t down nearly 12% in trading on Friday based on a single small breach.

Okta was famously targeted by the Lapsus$ hacking group, alongside Microsoft Corp., in March 2022, with internal documents stolen. In that case, the hack had taken place in January but was not disclosed until March and only when Lapsus$ went public with the details. Okta reportedly suffered another data breach in December, with some of its source code repositories accessed.

“The breach of Okta’s support system is a reminder of the importance of strong password management and multifactor authentication,” Rahul Pawar, a global vice president at data protection and management software company CommVault Systems Inc., told SiliconANGLE. “It’s yet another example of how a multilayered cybersecurity and cyber resilience program can protect organizations from cyberattacks and reduce the risk of compromise – ultimately protecting their data and users.”

Pawar added that “organizations that use Okta should take the necessary steps to protect themselves from this breach, including requiring all users to use strong passwords and MFA, enabling MFA on all Okta accounts, including administrative accounts, monitoring Okta logs for suspicious activity and implementing a zero-trust security model to reduce the risk of compromise even if an attacker gains access to a user’s credentials.”
