Security News Okta warns of "unprecedented" credential stuffing attacks on customers

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.

Threat actors use credential stuffing to compromise user accounts by trying out in an automated manner lists of usernames and passwords typically purchased from cybercriminals.

In an advisory today, Okta says the attacks seem to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos [1, 2].

In all attacks that Okta observed the requests came through the TOR anonymization network and various residential proxies (e.g. NSOCKS, Luminati, and DataImpulse).

Okta warns of "unprecedented" credential stuffing attacks on customers

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.

www.bleepingcomputer.com