Credential Stuffing Attacks Reach “Unprecedented” Levels


Okta Reports Unprecedented Scale of Credential Stuffing Attacks

Okta, a leading identity and access management provider, has reported a surge in credential stuffing attacks targeting its solutions, resulting in the breach of some customer accounts. These attacks, which use techniques like password-spraying and brute-forcing, have been facilitated by the availability of residential proxy services, stolen credentials, and scripting tools.

The attacks, originating from TOR anonymization networks and residential proxies like NSOCKS and Luminati, have been notably effective against organizations using Okta’s Classic Engine with ThreatInsight configured in Audit-only mode. The FBI has warned of a rising trend of cybercriminals using residential proxies for large-scale credential stuffing attacks.

Although the success rate of credential stuffing is low, estimated at around 0.1%, the attacks remain profitable because attackers hold vast numbers of credentials and password reuse is widespread. Okta reports that credential stuffing accounted for 24.3% of all login attempts in 2023, with retail and e-commerce companies being the most targeted.

To counter these threats, Okta recommends enabling ThreatInsight in Log and Enforce Mode, denying access from anonymizing proxies, implementing enhanced security features like CAPTCHA challenges, and using Dynamic Zones to manage access based on criteria like geolocation.

As the prevalence of credential stuffing attacks continues to rise, organizations must remain vigilant and implement robust security measures to protect their systems and data from malicious actors.
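As an added illustration (not from Okta or the original article), the following sketch shows how a defender might review sign-in logs for the pattern described above: many distinct usernames tried through proxies with a very low success rate, plus the few accounts that did sign in and need review. The events are constructed samples using a subset of Okta System Log field names; the thresholds and the `analyze` helper are assumptions for the example.

```python
# Constructed sample events shaped like Okta System Log entries (field subset).
def ev(user, ip, result, proxy):
    return {"eventType": "user.session.start",
            "actor": {"alternateId": user},
            "client": {"ipAddress": ip},
            "outcome": {"result": result},
            "securityContext": {"isProxy": proxy}}

SAMPLE_EVENTS = (
    # 40 failed logins for 40 different users, spread over 5 proxy IPs
    [ev(f"user{i}@example.com", f"203.0.113.{i % 5 + 1}", "FAILURE", True)
     for i in range(40)]
    # one reused password works through the same proxy pool
    + [ev("user7@example.com", "203.0.113.3", "SUCCESS", True)]
    # ordinary user mistyping a password from a non-proxy address
    + [ev("alice@example.com", "198.51.100.10", "FAILURE", False),
       ev("alice@example.com", "198.51.100.10", "SUCCESS", False)]
)

def analyze(events, min_users=20, max_success_rate=0.05):
    """Summarize proxy-sourced sign-ins and flag a credential stuffing pattern.

    Counts are aggregated across all proxy IPs rather than per IP, because
    rotating residential proxies keep the per-address volume low.
    Thresholds are illustrative assumptions, not vendor guidance.
    """
    users, ips, ok_users = set(), set(), set()
    attempts = successes = 0
    for e in events:
        if e.get("eventType") != "user.session.start":
            continue
        if not e.get("securityContext", {}).get("isProxy"):
            continue  # keep only traffic tagged as arriving through a proxy
        attempts += 1
        user = e["actor"]["alternateId"]
        users.add(user)
        ips.add(e["client"]["ipAddress"])
        if e["outcome"]["result"] == "SUCCESS":
            successes += 1
            ok_users.add(user)
    rate = successes / attempts if attempts else 0.0
    suspected = len(users) >= min_users and rate <= max_success_rate
    return {"attempts": attempts, "distinct_users": len(users),
            "distinct_ips": len(ips), "success_rate": rate,
            "suspected_stuffing": suspected,
            # accounts that signed in during the campaign: reset and review
            "accounts_to_review": sorted(ok_users) if suspected else []}

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

Accounts listed under `accounts_to_review` are candidates for forced password reset and session revocation, since a successful sign-in inside such a campaign suggests a reused password.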
