Numerous Okta customers were reported by the leading identity and access management service provider to have been subjected to credential-stuffing attacks targeting the cross-origin authentication functionality of its Customer Identity Cloud offering since April, according to BleepingComputer.
Aside from deactivating URLs used by the feature to add JavaScript to websites, organizations' administrators have been urged to monitor for "fcoa," "scoa," and "pwd_leak" events within their logs; immediately rotate impacted credentials; adopt multi-factor authentication, more robust passwords, and phishing-resistant passwordless authentication; facilitate detection of compromised passwords; and limit permitted origins for cross-origin authentication if needed.
"As part of our Okta Secure Identity Commitment and commitment to customer security, we routinely monitor and review potentially suspicious activity and proactively send notifications to customers," said Okta.
Such a development comes more than a month after an Okta warning to customers detailed the "unprecedented" volume of credential-stuffing intrusions aimed at online services.
