Okta warns users to be aware of damaging cyberattacks targeting customers

News
By published

Criminals engaged in credential stuffing attack against Okta

A zoomed-in picture of a computer screen displaying a login window with a password typed in
(Image credit: Future)

Identity and access management giant Okta has warned customers of an ongoing credential stuffing attack against one of its tools and suggested users either disable it, or apply a set of mitigations to remain secure.

An announcement from the company noted how hackers have been abusing the cross-origin authentication feature in Customer Identity Cloud (CIC) to mount credential stuffing attacks for several weeks now.

"Okta has determined that the feature in Customer Identity Cloud (CIC) is prone to being targeted by threat actors orchestrating credential-stuffing attacks," the announcement read. "As part of our Okta Secure Identity Commitment and commitment to customer security, we routinely monitor and review potentially suspicious activity and proactively send notifications to customers."

Stuffing the login page

Okta Customer Identity Cloud is a comprehensive identity and access management (IAM) platform designed to manage and secure customer identities. Cross-origin resource sharing (CORS), being abused, is a security mechanism that allows web applications running at one origin (domain) to request resources from a server at a different origin. 

Finally, credential stuffing attack is when hackers “stuff” an online login page with countless credentials obtained elsewhere, in an attempt to break into different accounts. 

With CORS, customers add JavaScript to their websites and applications, which sends authentication calls to the Okta API hosted, BleepingComputer explains. However, the feature only works when customers grant access to the URLs from which cross-origin requests can be created. 

Hence, if these URLs are not being actively used, they should be disabled, Okta said.

Those interested to see if their infrastructure was targeted already should check their logs for “fcoa”, “scoa”, and “pwd_leak” events, which are evidence of cross-origin authentication and login attempts. If the tenant doesn’t use cross-origin authentication but the logs show fcoa and scoa events, then a credential stuffing attempt has been made. 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
A padlock resting on a keyboard.
Massive botnet is targeting Microsoft 365 accounts across the world
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Password
Millions of airline customers possibly affected by OAuth security flaw
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Representational image of a shrouded hacker.
Getting to grips with Adversary-in-the-Middle threats
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Google Pixel 9 on blue background with big savings text overlay

Forget Amazon, the best Pixel 9 deal is at Mint Mobile today - get $400 off without an annoying trade-in
See more latest
Most Popular
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
Canon EOS R50 V on a wooden table, alongside the EOS R50
I tried Canon's two new vlogging cameras – here's why the EOS R50 V offers better video value
Canon RF 20mm F1.4L VCM lens on a wooden table, alongside three other Canon hybrid prime lenses
Canon’s new 20mm f/1.4 lens could be the ultimate wide-angle prime for astro photography and video work, but its pricey
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Nissan 2026 line-up
Nissan is back to its bold best with new EV lineup that's led by a third-generation Leaf – and yes, it's an SUV
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow