Okta, the very popular authentication service, suffered an attack of “unprecedented scale”. How to protect yourself if you use it?


Mélina LOUPIA

April 30, 2024 at 3:23 p.m.


Okta hit by credential stuffing attack © khunkornStudio / Shutterstock


This attack, which relies on credential stuffing, was launched from residential proxy networks, without the knowledge of their users, which increased both the effectiveness and the reach of the attack. Okta recommends several protective measures to its users.

“Millions of requests”: that is the order of magnitude Okta gives on its blog for the latest credential stuffing cyberattack that the company, the leading identity provider for enterprises, says it suffered between March and April 2024.

But Okta is no stranger to hacking. In March 2022, a first breach, carried out by the Lapsus$ group, exploited a flaw that had nevertheless already been corrected. And less than two years later, in September 2023, a new attack affected not just 1% of its customers, as initially announced, but all of those who had contacted customer support.

Credential stuffing more effective than brute force attack

To understand what motivated the hackers, whose identity is still unknown (a single group or several lone wolves), we must first understand what a credential stuffing attack is, and how it differs from the brute force attack it is often compared to.

Credential stuffing is a cyberattack that uses stolen credentials to access various accounts. As is unfortunately often the case, cybercriminals, who are very opportunistic, take advantage of users' tendency to reuse the same passwords. These automated attacks test credentials in bulk, across multiple platforms. Since credential stuffing does not target a specific account, it is effective at finding valid username and password pairs among millions of attempts, the famous figure announced by Okta on its blog. The icing on the cake is that this method easily bypasses basic protections by relying on distributed networks such as botnets, which let it fly under the radar of security tools. Some tools can even defeat basic security measures, including simple CAPTCHAs.

A brute force attack, by contrast, tries to guess passwords by trial and error. Credential stuffing is therefore more effective, especially with credentials that have already been compromised. This is why credential stuffing is replacing brute force as hackers' method of choice.

How to protect yourself from credential stuffing attacks

As is often the case with protection recommendations, whether for companies or individuals, each of whom holds personal and sensitive data that cybercriminals could exploit, the service and its customer must pull in the same direction.

Okta chose to educate its users about the importance of creating a unique, complex password for each account, i.e. at least 11 characters, changed very regularly. Okta, like other companies, would also be well advised to monitor login anomalies and to limit the number of attempts over a given period, to avoid massive attacks such as the one suffered at the end of April 2024.
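As an added illustration of the monitoring recommended above (example code written for this article, not Okta's own detection logic), here is a small Python detector run over a constructed login log. It contrasts a per-IP rule, which a proxy-distributed campaign slips past because each address makes only one attempt, with a per-window rule that flags a burst of mostly failed logins spread across as many addresses and usernames as there are attempts. The log format, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone
# Constructed sample log (not Okta's format): timestamp, source IP, username, result.
# The first six lines mimic a proxied campaign: one attempt per IP, a new username each time.
SAMPLE_LOG = """\
2024-04-20T10:00:01Z 203.0.113.10 alice FAIL
2024-04-20T10:00:02Z 203.0.113.11 bob FAIL
2024-04-20T10:00:02Z 203.0.113.12 carol FAIL
2024-04-20T10:00:03Z 203.0.113.13 dave FAIL
2024-04-20T10:00:04Z 203.0.113.14 erin FAIL
2024-04-20T10:00:05Z 203.0.113.15 frank SUCCESS
2024-04-20T10:05:00Z 198.51.100.7 grace SUCCESS
2024-04-20T10:05:30Z 198.51.100.8 heidi FAIL
2024-04-20T10:05:40Z 198.51.100.8 heidi SUCCESS
"""

def parse_log(text):
    """Turn raw lines into (epoch_seconds, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when.timestamp(), ip, user, result == "SUCCESS"))
    return events

def noisy_sources(events, max_users=3):
    """Per-IP rule: a single source trying more than max_users distinct usernames."""
    users_by_ip = defaultdict(set)
    for _, ip, user, _ in events:
        users_by_ip[ip].add(user)
    return {ip for ip, users in users_by_ip.items() if len(users) > max_users}

def distributed_campaigns(events, window=60, min_attempts=5, max_success=0.3, min_spread=0.8):
    """Window rule: many attempts, mostly failing, spread over almost as many IPs and
    usernames as there are attempts. Returns the start (epoch seconds) of each flagged window."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[int(ev[0] // window) * window].append(ev)
    flagged = []
    for start, evs in sorted(buckets.items()):
        n = len(evs)
        if n < min_attempts:
            continue
        success_rate = sum(ok for *_, ok in evs) / n
        ip_spread = len({ip for _, ip, _, _ in evs}) / n
        user_spread = len({user for _, _, user, _ in evs}) / n
        if success_rate <= max_success and min(ip_spread, user_spread) >= min_spread:
            flagged.append(start)
    return flagged
```

On the sample log the per-IP rule returns nothing, while the window rule flags the 10:00 minute, which is exactly the blind spot residential proxies create for per-address rate limits.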

Okta has some holes in the racket © Eviart / Shutterstock


For our part, at Clubic, we also recommend using one of the password managers we have selected, to make your job easier by generating and storing strong passwords for you. If you prefer the manual method, you are strongly advised to use your imagination and avoid passwords that are very similar to each other or are variations on the same theme.

Finally, don’t hesitate to add an extra layer of protection by enabling two-factor authentication (2FA), which requires additional proof of identity beyond just a password.


Sources: Ars Technica, Okta
