Okta Cross-origin Authentication Feature in Customer Identity Cloud Targeted in Credential Stuffing Attacks
On May 28, 2024, Okta disclosed that the cross-origin authentication feature in Customer Identity Cloud (CIC) is being targeted by credential-stuffing attacks. These attacks involve threat actors using large lists of stolen usernames and passwords to gain unauthorized access to online services. Suspicious activity has been observed starting from April 15, prompting Okta to notify affected customers and provide guidance to mitigate the issue.