
Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered.

Okta A.I. CyberSecurity Scoring

Company Details

LinkedIn ID: okta-inc-
Employees: 8,688
LinkedIn followers: 530,478
NAICS: 5112 (Software Publishers)
Industry type: Software Development
Homepage: okta.com
IP addresses: 0
Company ID: OKT_8166558
Scan status: In-progress

Okta Risk Score (AI oriented): between 650 and 699, powered by Rankiteo's proprietary A.I. cyber incident model.

Okta Global Score (TPRM): not displayed (locked). Insurers prefer the TPRM score when calculating premiums; the full view adds detailed risk factors, benchmarks against industry and size peers, vulnerabilities and findings.

Okta Company CyberSecurity News & History

Past Incidents: 4
Attack Types: 1


Okta
Breach
Severity: 90
Impact: 4
Seen: 03/2022
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In March 2022 the Lapsus$ extortion group published screenshots and claimed access to Okta's internal administrative consoles and to customer data. Okta's investigation traced the access to a compromised account of a support engineer at a third-party customer-support contractor, used during a window in January 2022; Okta removed the access and notified the customers whose tenants that account could have reached.

Okta
Breach
Severity: 100
Impact: 4
Seen: 11/2023
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Okta, a provider of cloud identity and access management solutions, notified approximately 5,000 employees of a data breach at Rightway Healthcare, a third-party vendor, that exposed their personal information. Rightway informed Okta that an unauthorised actor had obtained access to an eligibility census file that Rightway kept as part of its service delivery to Okta. Names, Social Security numbers, and health or medical insurance plan numbers are among the exposed data. According to the notification, Okta was not aware of any misuse of the exposed personal data at the time.

Okta, Inc.
Breach
Severity: 100
Impact: 5
Seen: 9/2023
Rankiteo Explanation: Attack threatening the organization's existence

Description: A breach notice filed with the California Office of the Attorney General on November 1, 2023 reports that Okta, Inc. was affected by a data breach at its vendor Rightway Healthcare, Inc. The unauthorized access occurred on September 23, 2023, when an actor accessed a file containing personal information, including names, Social Security numbers and health insurance details, affecting an unknown number of individuals. This is the same vendor incident as the Rightway Healthcare entry above, recorded here from the regulator's filing rather than from Okta's employee notification.

Okta
Breach
Severity: 100
Impact: 5
Seen: 10/2023
Rankiteo Explanation: Attack threatening the organization's existence

Description: In October 2023 Okta disclosed that an attacker had used a stolen credential to access its customer support case-management system. An Okta employee had signed in to their **personal Google account** in the Chrome browser on an Okta-managed **work device**; the username and password of a service account used by the support system were saved into that personal account and synced to it, and Okta assessed that compromise of the employee's personal Google account or personal device was the most likely route by which the credential was exposed. With the service account the attacker viewed support cases and customer-uploaded files, some of which contained session tokens, and ran a report listing users of the support system. Okta first reported files belonging to **134 customer tenants** as accessed and later extended the notification to all customer support system users. The breach illustrated the **identity and access management (IAM)** risk of **credential syncing across personal and corporate environments**, and how a compromise at an identity provider propagates to the enterprise customers that rely on it for **secure authentication and single sign-on (SSO)**. Okta's initial statement described a limited impact that was later widened, which contributed to **reputational damage** and increased scrutiny. Remediation included disabling the compromised service account, blocking personal Google profiles in Chrome on managed devices, stricter policies on **personal account usage on corporate devices**, and **MFA enforcement**. A single compromised personal account escalated into a **large-scale enterprise breach** with downstream effects on customers' security postures.
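The remediation the description above points to, keeping personal Google profiles (and with them synced passwords) off managed browsers, can be enforced with Chrome enterprise policy. The following is an added example written for this page, not Okta's own code or configuration: it audits a Chrome managed-policy document (the policy names are real Chrome enterprise policies; the policy directory, its files and both sample policies are constructed for illustration) and reports which settings still allow corporate credentials to sync into a personal account.

```python
"""Audit Chrome enterprise policy for settings that let saved passwords sync
into a personal Google account.

On Linux, Chrome merges every *.json file in /etc/opt/chrome/policies/managed/;
Windows (registry) and macOS (profile) use the same policy names. The policy
names below are real Chrome enterprise policies; the sample policies are
constructed for this example.
"""
import json
from pathlib import Path

# (policy name, hardened value, why it matters for credential leakage)
HARDENING_CHECKS = [
    ("BrowserSignin", 0,
     "0 disables signing the browser into any Google account, so there is "
     "no personal profile for saved passwords to sync into"),
    ("SyncDisabled", True,
     "stops Chrome Sync even if a Google sign-in does happen"),
    ("PasswordManagerEnabled", False,
     "keeps the browser from storing service-account passwords at all"),
    ("BrowserAddPersonEnabled", False,
     "prevents adding a second, personal Chrome profile on the device"),
]
# When sign-in must stay on (BrowserSignin 1 or 2), this regex limits it to
# corporate identities, e.g. ".*@example\\.com".
RESTRICT_PATTERN = "RestrictSigninToPattern"


def load_managed_policy(policy_dir: Path) -> dict:
    """Merge all JSON policy files in the directory, as Chrome does."""
    merged: dict = {}
    for file in sorted(policy_dir.glob("*.json")):
        merged.update(json.loads(file.read_text()))
    return merged


def audit_chrome_policy(policy: dict) -> list:
    """Return one finding per weak or missing setting; [] means hardened."""
    findings = []
    for name, want, why in HARDENING_CHECKS:
        got = policy.get(name)
        if name == "BrowserSignin" and got in (1, 2):
            # Sign-in allowed: acceptable only if pinned to the corporate domain.
            if not policy.get(RESTRICT_PATTERN):
                findings.append(
                    f"{name}={got} allows Google sign-in but {RESTRICT_PATTERN} "
                    "is unset, so a personal @gmail.com profile can be signed in")
            continue
        if got != want:
            findings.append(f"{name}={got!r} (want {want!r}): {why}")
    return findings


# Constructed samples: an unmanaged-looking default and the hardened equivalent.
WEAK_POLICY = {
    "BrowserSignin": 1,
    "SyncDisabled": False,
    "PasswordManagerEnabled": True,
}
HARDENED_POLICY = {
    "BrowserSignin": 0,
    "SyncDisabled": True,
    "PasswordManagerEnabled": False,
    "BrowserAddPersonEnabled": False,
}

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = audit_chrome_policy(policy)
        print(f"{label}: {len(findings)} finding(s)")
        for line in findings:
            print("  -", line)
    # Real use on a Linux endpoint:
    # audit_chrome_policy(load_managed_policy(Path("/etc/opt/chrome/policies/managed")))
```

The audit treats a missing policy as weak, because Chrome's default for every setting above is the permissive one; an organisation that needs browser sign-in for Google Workspace can keep BrowserSignin at 1 or 2 only together with RestrictSigninToPattern, which the check allows.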

Okta Company Scoring based on AI Models

Cyber Incidents Likelihood (3, 6 and 9 months): predictions locked; available with the Access Monitoring Plan.

A.I. Risk Score Likelihood (3, 6 and 9 months): predictions locked; available with the Access Monitoring Plan.

Underwriter Stats for Okta

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Okta in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Okta in 2025.

Incident Types Okta vs Software Development Industry Avg (This Year)

No incidents recorded for Okta in 2025.

Incident History (Okta): timeline chart of incident severity over time (X = date, Y = severity), covering the parent company and subsidiaries; the chart itself is not reproduced here.

Okta Company Subsidiaries

No subsidiaries are listed for Okta.

Okta Similar Companies

Baidu, Inc.

Baidu is a leading AI company with strong Internet foundation, driven by our mission to “make the complicated world simpler through technology”. Founded in 2000 as a search engine platform, we were an early adopter of artificial intelligence in 2010. Since then, we have established a full AI stack,

NetSuite

Founded in 1998, Oracle NetSuite is the world’s first cloud company. For more than 25 years, NetSuite has helped businesses gain the insight, control, and agility to build and grow a successful business. First focused on financials and ERP, we now provide an AI-powered unified business system that

ByteDance

ByteDance is a global incubator of platforms at the cutting edge of commerce, content, entertainment and enterprise services - over 2.5bn people interact with ByteDance products including TikTok. Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This i

Xiaomi Technology

Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision

Just Eat Takeaway.com

Just Eat Take​away​.com is a lead­ing glob­al online deliv­ery mar­ket­place, con­nect­ing con­sumers and restau­rants through our plat­form in 19 coun­tries. Like a dinner table, working at JET brings our office employees and couriers together. From coding to customer service to couriers, JET is a

Pitney Bowes

Pitney Bowes is a technology-driven products and services company that provides SaaS shipping solutions, mailing innovation, and financial services to clients around the world – including more than 90 percent of the Fortune 500. Small businesses to large enterprises, and government entities rely on

DoorDash

At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team membe

Intuit

Intuit is a global technology platform that helps our customers and communities overcome their most important financial challenges. Serving millions of customers worldwide with TurboTax, QuickBooks, Credit Karma and Mailchimp, we believe that everyone should have the opportunity to prosper and we wo

Cisco

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities


Okta CyberSecurity News

December 03, 2025 03:58 AM
Okta projects strong quarterly revenue on rising demand for cybersecurity tools

By Jaspreet Singh Dec 2 (Reuters) - Cybersecurity company Okta forecast fourth-quarter revenue above Wall Street estimates on Tuesday,...

December 02, 2025 10:59 PM
Cyber providers CrowdStrike and Okta post solid quarters but fail to impress investors

Shares in both CrowdStrike Holdings Inc. an Okta Inc. fell more than 3% in late trading today despite both companies reporting earnings and...

December 02, 2025 10:10 PM
Okta Earnings, Revenue Top Estimates But Cybersecurity Stock Dips

Okta stock dipped after the cybersecurity firm reported Q3 earnings and revenue that topped estimates, while Q4 guidance came in above...


December 02, 2025 09:38 PM
Okta beats Q3 earnings as AI agent push drives growth

Okta beat Q3 estimates with $742M revenue vs $730M expected, earning 82 cents per share vs 76 cents forecasted according to CNBC.

December 02, 2025 09:24 PM
Okta Q4 Revenue Forecast Tops Estimates, Driven by AI and Cybersecurity - News and Statistics

Cybersecurity company Okta projected fourth-quarter revenue above Wall Street estimates, according to a report from Reuters.

December 02, 2025 09:03 PM
Okta beats third-quarter earnings expectations

Okta on Tuesday topped Wall Street third-quarter estimates and issued an upbeat outlook as customers adopt identity management solutions.

December 02, 2025 09:02 PM
Okta projects strong quarterly revenue on rising demand for cybersecurity tools

Cybersecurity company Okta forecast fourth-quarter revenue above Wall Street estimates on Tuesday, betting on growing demand for its...

December 02, 2025 04:08 PM
Okta (NASDAQ: OKTA) Braces for Earnings – Stock Finds Some Support at $80

Okta, Inc. (NASDAQ: OKTA), a leading provider of identity and access management solutions, is set to release its third-quarter fiscal year...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Okta CyberSecurity History Information

Official Website of Okta

The official website of Okta is https://www.okta.com.

Okta’s AI-Generated Cybersecurity Score

According to Rankiteo, Okta’s AI-generated cybersecurity score is 653, which Rankiteo classes as a weak security posture.

How many security badges does Okta have ?

According to Rankiteo, Okta currently holds 0 verified security badges: none of the compliance certifications tracked by Rankiteo (SOC 2 Type 1, SOC 2 Type 2, GDPR, PCI DSS, HIPAA, ISO 27001) have been verified for the organization through Rankiteo's badge verification. This reflects Rankiteo's verification status only, not Okta's own published attestations.

Does Okta have SOC 2 Type 1 certification ?

Rankiteo has not verified a SOC 2 Type 1 report for Okta.

Does Okta have SOC 2 Type 2 certification ?

Rankiteo has not verified a SOC 2 Type 2 report for Okta.

Does Okta comply with GDPR ?

Rankiteo has not verified Okta's GDPR compliance.

Does Okta have PCI DSS certification ?

Rankiteo has not verified PCI DSS compliance for Okta.

Does Okta comply with HIPAA ?

Rankiteo has not verified HIPAA compliance for Okta.

Does Okta have ISO 27001 certification ?

Rankiteo has not verified an ISO 27001 certification for Okta.

Industry Classification of Okta

Okta operates primarily in the Software Development industry.

Number of Employees at Okta

Okta employs approximately 8,688 people worldwide.

Subsidiaries Owned by Okta

Rankiteo lists no subsidiaries for Okta.

Okta’s LinkedIn Followers

Okta’s official LinkedIn profile has approximately 530,478 followers.

NAICS Classification of Okta

Okta is classified under the NAICS code 5112, which corresponds to Software Publishers.

Okta’s Presence on Crunchbase

Yes, Okta has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/okta.

Okta’s Presence on LinkedIn

Yes, Okta maintains an official LinkedIn profile, used for branding and talent engagement, at https://www.linkedin.com/company/okta-inc-.

Cybersecurity Incidents Involving Okta

As of December 04, 2025, Rankiteo reports that Okta has experienced 4 cybersecurity incidents.

Number of Peer and Competitor Companies

Okta has an estimated 27,188 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Okta ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

What was the total financial impact of these incidents on Okta ?

Total Financial Loss: No financial loss has been recorded for these incidents (total recorded loss $0).

How does Okta detect and respond to cybersecurity incidents ?

Detection and Response: Rankiteo's records document only two Okta-specific response actions: removal of the attacker's access (2022 Lapsus$ incident) and notification of affected employees (Rightway Healthcare vendor breach). The measures below are drawn from the LinkedIn-phishing entry, which describes a general attack pattern and recommended controls rather than Okta's documented response:
  • Incident response plan: likely ad-hoc; most organizations lack playbooks for non-email phishing
  • Third-party assistance: Push Security (browser-based phishing detection), MDR/SOC providers (containment), LinkedIn Trust & Safety team (account takeover reports)
  • Law enforcement: unlikely to be notified unless fraud or ransomware escalates
  • Containment: blocking known malicious URLs (a whack-a-mole approach), revoking compromised SSO tokens, disabling synced credentials on personal devices, isolating affected executive accounts
  • Remediation: enforcing MFA on all accounts (including personal LinkedIn), browser isolation for high-risk roles, SSO audit and SAML configuration hardening, employee training on non-email phishing, monitoring for ghost logins and anomalous sessions
  • Recovery: credential rotation for executives and privileged users, LinkedIn account recovery for hijacked profiles, reputation management (customer and partner communications)
  • Communication: internal alerts (raising awareness without panic), executive-specific warnings, public disclosure only where regulatory or mandatory
  • Network segmentation: recommended for high-value targets
  • Enhanced monitoring: browser-level phishing detection (e.g., Push Security), behavioral analytics for anomalous logins, dark web monitoring for stolen credentials

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Okta Data Breach Incident

Description: Identity and access management services provider Okta recently suffered a data breach incident. Lapsus$ group claimed to have access to Okta's backend administrative consoles and stole a significant amount of customer data. The firm started investigating the incident and removed the access that hackers had.

Type: Data Breach

Attack Vector: Unauthorized Access

Threat Actor: Lapsus$ group

Motivation: Data Theft

Incident : Data Breach

Title: Data Breach at Okta via Rightway Healthcare

Description: Okta, a provider of cloud identity and access management solutions, alerts approximately 5,000 employees to a data breach that occurred at Rightway Healthcare, a third-party vendor, which has exposed their personal information.

Type: Data Breach

Attack Vector: Unauthorized Access

Threat Actor: Unauthorized Actor

Incident : Data Breach

Title: Okta, Inc. Data Breach Involving Rightway Healthcare, Inc.

Description: The California Office of the Attorney General reported that Okta, Inc. experienced a data breach involving Rightway Healthcare, Inc. on November 1, 2023. The breach occurred on September 23, 2023, when an unauthorized actor accessed a file containing personal information, including names, Social Security numbers, and health insurance details, potentially affecting an unknown number of individuals.

Date Reported: 2023-11-01 (the unauthorized access occurred on 2023-09-23)

Type: Data Breach

Threat Actor: Unauthorized Actor

Incident : Phishing (Non-Email)

Title: Rise of LinkedIn-Based Phishing Attacks Targeting Enterprise Executives (2025)

Description: Phishing attacks are increasingly occurring outside traditional email channels, with 1 in 3 attacks now taking place over non-email platforms like LinkedIn. Attackers are leveraging LinkedIn's direct messaging (DM) functionality to bypass email security tools, targeting high-value executives in financial services and technology sectors. These attacks exploit the lack of visibility security teams have into LinkedIn communications, the ease of hijacking legitimate accounts (60% of infostealer logs contain social media credentials, often lacking MFA), and the trust inherent in professional networking interactions. Successful compromises can escalate into enterprise-wide breaches via SSO platforms (e.g., Microsoft Entra, Google Workspace, Okta), leading to multi-million-dollar losses. The 2023 Okta breach, initiated via a personal Google account on a work device, exemplifies the risk of cross-platform credential syncing.

Note: this entry summarizes an industry report on non-email phishing that cites the 2023 Okta breach as an example. The fields below, and the "likely", "unlikely" and "recommended" qualifiers attached to this entry elsewhere on this page, describe the general attack pattern and recommended controls, not confirmed Okta-specific findings.

Type: Phishing (Non-Email)

Attack Vector: LinkedIn direct messages (DMs); hijacked legitimate LinkedIn accounts; AI-powered automated messaging; malicious URLs on rapidly rotated domains; fake investment-opportunity landing pages; pretexting (urgent approvals, document reviews); cross-platform credential syncing (work/personal device overlap)

Vulnerability Exploited: lack of MFA on personal/social media accounts; SSO misconfigurations (e.g., Microsoft Entra, Google Workspace, Okta); browser-based credential storage syncing across devices; absence of visibility or monitoring for non-email channels; trust in professional networking platforms; legacy authentication protocols and SAML-configuration abuse ("SAMLjacking"); ghost logins (unmonitored active sessions)

Motivation: financial gain (fraud, ransomware, data theft); corporate espionage; supply chain compromise; initial access brokering (selling access to other cybercriminals); credential harvesting for follow-on attacks

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents as hijacked LinkedIn accounts (60% of infostealer logs contain social media credentials), AI-generated direct messages (scalable outreach), fake investment-opportunity landing pages, and compromised personal devices used as a bridge to corporate access.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach OKT233422322

Data Compromised: Customer Data

Systems Affected: Backend Administrative Consoles

Incident : Data Breach OKT1136121123

Data Compromised: Names, Social security numbers, Health or medical insurance plan numbers

Incident : Data Breach OKT903080425

Data Compromised: Names, Social security numbers, Health insurance details

Incident : Phishing (Non-Email) OKT2633126111725

Financial Loss: Potential multi-million-dollar losses per breach (scalable based on executive access)

Data Compromised: Corporate credentials (sso, saas, identity providers), Executive/employee pii, Internal communications (slack, teams), Customer data (via compromised tenant access), Financial records (if execs have approval privileges), Intellectual property (depending on access level)

Systems Affected: Microsoft Entra (Azure AD); Google Workspace; Okta (or other identity providers); connected SaaS applications (via SSO); internal messaging platforms (Slack, Teams); corporate devices (laptops, phones with synced credentials); personal devices (used as a bridge to corporate access)

Downtime: Variable; potential operational disruption during containment/remediation (e.g., revoking SSO tokens, resetting credentials)

Operational Impact: loss of productivity (phishing investigation, account lockouts); supply chain disruptions (if third-party access is compromised); incident response overhead (cross-platform forensics); reputation damage with partners and clients

Revenue Loss: Indirect: Contract losses, customer churn, or regulatory fines (if data breached)

Customer Complaints: Likely if customer data exposed or services disrupted

Brand Reputation Impact: High; erosion of trust in executive security practices and corporate resilience

Legal Liabilities: potential GDPR/CCPA violations (if PII exposed); shareholder lawsuits (if financial fraud occurs); contractual breaches (if client data compromised)

Identity Theft Risk: High (executive credentials can enable deep impersonation)

Payment Information Risk: Moderate (if execs have access to financial systems)

What is the average financial loss per incident ?

Average Financial Loss: No financial loss has been recorded for these incidents, so the average recorded loss per incident is $0.00.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: customer data; personally identifiable information (names, Social Security numbers); health information (health insurance details); corporate credentials; financial data (if executives have access); customer/partner data (via SSO); internal communications.

Which entities were affected by each incident ?

Incident : Data Breach OKT233422322

Entity Name: Okta

Entity Type: Service Provider

Industry: Identity and Access Management

Incident : Data Breach OKT1136121123

Entity Name: Okta

Entity Type: Organization

Industry: Cloud Identity and Access Management

Customers Affected: 5000

Incident : Data Breach OKT903080425

Entity Name: Okta, Inc.

Entity Type: Company

Industry: Technology

Customers Affected: Unknown number of individuals

Incident : Data Breach OKT903080425

Entity Name: Rightway Healthcare, Inc.

Entity Type: Company

Industry: Healthcare

Customers Affected: Unknown number of individuals

Incident : Phishing (Non-Email) OKT2633126111725

Entity Type: Enterprises (Primary Targets), Financial Services Firms, Technology Companies, Executives (C-Suite, High-Privilege Roles)

Industry: Financial Services, Technology, Professional Services, Any Sector Using LinkedIn for Business

Location: Global (LinkedIn is a worldwide platform)

Size: Primarily mid-to-large enterprises (due to executive targeting)

Customers Affected: Potential downstream impact if customer data accessed via compromised SSO

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach OKT233422322

Containment Measures: Removed Hacker Access

Incident : Data Breach OKT1136121123

Communication Strategy: Notification to Employees

Incident : Phishing (Non-Email) OKT2633126111725

Incident Response Plan Activated: Likely ad-hoc; most organizations lack playbooks for non-email phishing

Third Party Assistance: Push Security (Browser-Based Phishing Detection), Mdr/Soc Providers (For Containment), Linkedin Trust & Safety Team (Account Takeover Reports).

Law Enforcement Notified: Unlikely unless fraud/ransomware escalates

Containment Measures: blocking known malicious URLs (a whack-a-mole approach); revoking compromised SSO tokens; disabling synced credentials on personal devices; isolating affected executive accounts

Remediation Measures: enforcing MFA on all accounts (including personal LinkedIn); browser isolation for high-risk roles; SSO audit and SAML configuration hardening; employee training on non-email phishing; monitoring for ghost logins and anomalous sessions

Recovery Measures: credential rotation for executives and privileged users; LinkedIn account recovery (for hijacked profiles); reputation management (customer and partner communications)

Communication Strategy: internal alerts (raising awareness without panic); executive-specific warnings (targeted messaging); public disclosure only if regulatory or mandatory

Network Segmentation: recommended for high-value targets

Enhanced Monitoring: browser-level phishing detection (e.g., Push Security); behavioral analytics for anomalous logins; dark web monitoring for stolen credentials
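The "monitoring for ghost logins/anomalous sessions" remediation and the "behavioral analytics for anomalous logins" monitoring listed above come down to one concrete check on an identity provider's audit log: a session identifier that keeps acting after being replayed from an origin that never authenticated. The following is an added example written for this page, not Okta's or Push Security's code: it runs that check over Okta System Log records (the field names, such as authenticationContext.externalSessionId and client.ipAddress, are the real ones returned by GET /api/v1/logs; the events themselves are constructed sample data).

```python
"""Flag Okta sessions that are used from an origin that never authenticated.

Input: Okta System Log events in the JSON shape returned by GET /api/v1/logs
(field names below are the real ones; the events themselves are constructed).
A replayed session token shows up as the same
authenticationContext.externalSessionId acting from a new IP address and/or a
new user agent, without any user.session.start from that origin.
"""
from collections import defaultdict
from dataclasses import dataclass

# Event types a hijacked administrator session is typically spent on.
SENSITIVE_EVENTS = {
    "system.api_token.create",
    "user.lifecycle.create",
    "user.account.privilege.grant",
    "policy.rule.update",
    "application.user_membership.add",
}


@dataclass
class Finding:
    session_id: str
    user: str
    event_type: str
    ip: str
    published: str
    reasons: list
    sensitive: bool


def _get(ev: dict, *path, default="?"):
    """Nested lookup that tolerates missing keys in a System Log record."""
    cur = ev
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def find_session_anomalies(events: list) -> list:
    """Return a Finding for every event whose session looks replayed.

    Signals (both typical of a stolen session token):
      1. the event's IP never performed a successful user.session.start for
         that session id (or no login was seen at all in the window);
      2. the user agent differs from the first sighting of that session.
    Events are processed in published order so the real login sets the baseline.
    """
    events = sorted(events, key=lambda e: e.get("published", ""))
    login_ips = defaultdict(set)  # session id -> IPs with a successful login
    first_ua = {}                 # session id -> user agent at first sighting
    findings = []
    for ev in events:
        sid = _get(ev, "authenticationContext", "externalSessionId", default=None)
        if not sid:
            continue  # events outside a browser session (e.g. API token use)
        ip = _get(ev, "client", "ipAddress")
        ua = _get(ev, "client", "userAgent", "rawUserAgent")
        etype = ev.get("eventType", "")
        if etype == "user.session.start" and _get(ev, "outcome", "result") == "SUCCESS":
            login_ips[sid].add(ip)
        first_ua.setdefault(sid, ua)

        reasons = []
        if ip not in login_ips[sid]:
            reasons.append("no successful login from this IP for this session"
                           if login_ips[sid] else "no login seen at all for this session")
        if ua != first_ua[sid]:
            reasons.append("user agent differs from first sighting of this session")
        if reasons:
            findings.append(Finding(sid, _get(ev, "actor", "alternateId"), etype, ip,
                                    ev.get("published", ""), reasons,
                                    etype in SENSITIVE_EVENTS))
    return findings


def _event(published, etype, user, sid, ip, ua, result="SUCCESS"):
    """Build a minimal System Log record (constructed sample data)."""
    return {
        "published": published, "eventType": etype,
        "actor": {"alternateId": user, "type": "User"},
        "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": ua}},
        "authenticationContext": {"externalSessionId": sid},
        "outcome": {"result": result},
    }


CHROME = "Mozilla/5.0 (Macintosh) Chrome/118.0"
SAMPLE_EVENTS = [  # constructed: one legitimate admin, one ordinary user, one replayed session
    _event("2023-10-02T09:00:00.000Z", "user.session.start", "admin@example.com", "trsA1", "203.0.113.10", CHROME),
    _event("2023-10-02T09:01:00.000Z", "user.session.access_admin_app", "admin@example.com", "trsA1", "203.0.113.10", CHROME),
    _event("2023-10-02T09:05:00.000Z", "user.session.start", "bob@example.com", "trsB2", "192.0.2.5", CHROME),
    _event("2023-10-02T09:06:00.000Z", "user.account.update_password", "bob@example.com", "trsB2", "192.0.2.5", CHROME),
    # same session id as the admin, but a new IP and a scripted client: replayed token
    _event("2023-10-02T09:40:00.000Z", "system.api_token.create", "admin@example.com", "trsA1", "198.51.100.7", "python-requests/2.31"),
]

if __name__ == "__main__":
    for f in find_session_anomalies(SAMPLE_EVENTS):
        flag = "SENSITIVE " if f.sensitive else ""
        print(f"{f.published} {flag}{f.event_type} user={f.user} session={f.session_id} "
              f"ip={f.ip}: {'; '.join(f.reasons)}")
```

The query window must start before the session's own login, otherwise every event of an older session is reported as "no login seen"; in practice the check is run over a window a little longer than the tenant's maximum session lifetime, and findings on SENSITIVE_EVENTS are the ones to page on, since those are the actions an attacker performs with a hijacked administrator session.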

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Likely ad-hoc; most organizations lack playbooks for non-email phishing.

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Push Security (browser-based phishing detection), MDR/SOC providers (for containment) and the LinkedIn Trust & Safety team (account takeover reports).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach OKT233422322

Type of Data Compromised: Customer Data

Incident : Data Breach OKT1136121123

Type of Data Compromised: Personally identifiable information, Health information

Number of Records Exposed: 5000

Sensitivity of Data: High

Personally Identifiable Information: Names, Social Security numbers

Incident : Data Breach OKT903080425

Type of Data Compromised: Names, Social security numbers, Health insurance details

Number of Records Exposed: Unknown

Sensitivity of Data: High

Personally Identifiable Information: Names, Social Security numbers

Incident : Phishing (Non-Email) OKT2633126111725

Type of Data Compromised: Corporate credentials, Personally identifiable information (pii), Financial data (if execs have access), Customer/partner data (via sso), Internal communications

Number of Records Exposed: Variable; depends on access level of compromised account (e.g., 134 Okta customer tenants in 2023 breach)

Sensitivity of Data: High (executive-level access often includes sensitive corporate/financial data)

Data Exfiltration: Likely (attackers leverage SSO to move laterally and exfiltrate data)

Data Encryption: Unlikely (unless ransomware follows initial compromise)

File Types Exposed: documents (via fake 'review' pretexts); spreadsheets (financial data); emails and messages (Slack, Teams); database dumps (if executives have admin access)

Personally Identifiable Information: Yes (names, titles, contact info, potentially SSNs/financial details if accessed)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: enforcing MFA on all accounts (including personal LinkedIn), browser isolation for high-risk roles, SSO audit and SAML configuration hardening, employee training on non-email phishing, and monitoring for ghost logins and anomalous sessions.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by removing hacker access, blocking known malicious URLs (whack-a-mole approach), revoking compromised SSO tokens, disabling synced credentials on personal devices, and isolating affected executive accounts.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Phishing (Non-Email) OKT2633126111725

Data Exfiltration: Possible follow-on activity post-compromise

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Credential Rotation for Execs/Privileged Users, LinkedIn Account Recovery (for Hijacked Profiles), Reputation Management (Customer/Partner Communications).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Phishing (Non-Email) OKT2633126111725

Regulations Violated: Potential GDPR (if EU citizen data exposed), CCPA (if California residents affected), Industry-Specific (e.g., GLBA for financial services)

Fines Imposed: Depends on jurisdiction and scale of breach

Legal Actions: Class-Action Lawsuits (if PII exposed), Regulatory Investigations (e.g., SEC for public companies)

Regulatory Notifications: Mandatory if PII breached (e.g., 72-hour GDPR deadline)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class-Action Lawsuits (if PII exposed), Regulatory Investigations (e.g., SEC for public companies).

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Phishing (Non-Email) OKT2633126111725

Lessons Learned: Phishing is no longer confined to email; security must extend to all communication channels (social media, messaging apps, etc.). Personal apps (e.g., LinkedIn) used for work purposes create blind spots for security teams. MFA gaps on 'personal' accounts (e.g., LinkedIn) can lead to corporate breaches via credential syncing. Executives are high-value targets due to their access privileges and trust within organizations. Traditional email security tools are ineffective against non-email phishing vectors. SSO platforms (e.g., Okta, Microsoft Entra) amplify the impact of single-account compromises. Browser-level security is critical to detect phishing across all delivery channels. Proactive measures (e.g., ghost login detection, MFA enforcement) are essential to mitigate risks.

What recommendations were made to prevent future incidents ?

Incident : Phishing (Non-Email) OKT2633126111725

Recommendations: Cultural: Foster a **culture of skepticism** for unsolicited messages, even from 'trusted' contacts on LinkedIn. Encourage **reporting of suspicious activity** across all platforms (not just email). Hold **executives accountable** for security hygiene (e.g., MFA on LinkedIn, avoiding credential syncing). Conduct **red team exercises** simulating LinkedIn-based spear-phishing to test defenses.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Phishing is no longer confined to email; security must extend to all communication channels (social media, messaging apps, etc.). Personal apps (e.g., LinkedIn) used for work purposes create blind spots for security teams. MFA gaps on 'personal' accounts (e.g., LinkedIn) can lead to corporate breaches via credential syncing. Executives are high-value targets due to their access privileges and trust within organizations. Traditional email security tools are ineffective against non-email phishing vectors. SSO platforms (e.g., Okta, Microsoft Entra) amplify the impact of single-account compromises. Browser-level security is critical to detect phishing across all delivery channels. Proactive measures (e.g., ghost login detection, MFA enforcement) are essential to mitigate risks.

References

Where can I find more information about each incident ?

Incident : Data Breach OKT903080425

Source: California Office of the Attorney General

Date Accessed: 2023-11-01

Incident : Phishing (Non-Email) OKT2633126111725

Source: Push Security: 'Phishing in 2025: Trends and Case Studies' Webinar

Incident : Phishing (Non-Email) OKT2633126111725

Source: Okta Breach (2023) Post-Mortem: Personal Google Account Compromise

Incident : Phishing (Non-Email) OKT2633126111725

Source: Infostealer Log Analysis: 60% of Credentials Linked to Social Media (Including LinkedIn)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: California Office of the Attorney General (date accessed: 2023-11-01); Push Security: 'Phishing in 2025: Trends and Case Studies' Webinar; Okta Breach (2023) Post-Mortem: Personal Google Account Compromise; Infostealer Log Analysis: 60% of Credentials Linked to Social Media (Including LinkedIn).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach OKT233422322

Investigation Status: Investigating

Incident : Phishing (Non-Email) OKT2633126111725

Investigation Status: Ongoing; industry-wide trend with no single attributed incident (as of 2025)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification to Employees, Internal Alerts (Avoiding Panic But Raising Awareness), Executive-Specific Warnings (Targeted Messaging) and Public Disclosure Only If Regulatory/Mandatory.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Phishing (Non-Email) OKT2633126111725

Stakeholder Advisories: Executives: Avoid mixing personal/professional accounts; enable MFA on LinkedIn. IT/Security Teams: Monitor for SSO anomalies and browser-based attacks. HR: Include LinkedIn phishing in security awareness training. Legal/Compliance: Prepare for potential regulatory scrutiny if PII is exposed.

Customer Advisories: No direct customer advisories unless a specific breach occurs (general awareness recommended). Customers should monitor for phishing attempts impersonating partnered executives.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Executives: Avoid mixing personal/professional accounts; enable MFA on LinkedIn. IT/Security Teams: Monitor for SSO anomalies and browser-based attacks. HR: Include LinkedIn phishing in security awareness training. Legal/Compliance: Prepare for potential regulatory scrutiny if PII is exposed. No direct customer advisories unless a specific breach occurs (general awareness recommended). Customers should monitor for phishing attempts impersonating partnered executives.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Phishing (Non-Email) OKT2633126111725

Entry Point: Hijacked LinkedIn Accounts (60% of Infostealer Logs Contain Social Media Credentials), AI-Generated Direct Messages (Scalable Outreach), Fake Investment Opportunity Landing Pages, Compromised Personal Devices (Laundering to Corporate Access)

Reconnaissance Period: Short (if using hijacked accounts with existing connections); longer if building fake profiles from scratch (weeks/months)

Backdoors Established: Persistent SSO Sessions (Ghost Logins), Malicious OAuth Grants (e.g., third-party app permissions), Browser Extensions (if installed via phishing), Synced Credentials (Personal-Corporate Device Overlap)

High Value Targets: C-Suite Executives (CEO, CFO, CISO), Finance/Accounting Teams (Payment Approvals), IT Admins (SSO/Identity Provider Access), HR (Employee Data), Sales/BD (Client Communications)

Data Sold on Dark Web: C-Suite Executives (CEO, CFO, CISO), Finance/Accounting Teams (Payment Approvals), IT Admins (SSO/Identity Provider Access), HR (Employee Data), Sales/BD (Client Communications)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Phishing (Non-Email) OKT2633126111725

Root Causes: Over-reliance on email-centric security tools, ignoring non-email vectors (LinkedIn, Slack, etc.). Lack of visibility into communications on 'personal' apps used for work (e.g., LinkedIn DMs). Insufficient MFA adoption on social media platforms (seen as 'personal' despite work use). SSO misconfigurations allowing lateral movement from a single compromised account. Browser-based credential syncing between personal and corporate devices (e.g., Okta 2023 breach). Trust in LinkedIn's professional context, lowering user skepticism of messages. Rapid domain rotation by attackers, outpacing traditional URL-blocking defenses.

Corrective Actions: Immediate: Block known malicious domains (though limited effectiveness). Reset credentials for compromised executives/SSO accounts. Isolate affected devices to prevent lateral movement. Report hijacked LinkedIn accounts to LinkedIn Trust & Safety. Short Term: Deploy browser-level phishing detection (e.g., Push Security). Enforce MFA on all LinkedIn accounts used for work. Audit SSO configurations for over-permissioned roles. Train employees on non-email phishing (LinkedIn, Slack, etc.). Monitor for ghost logins and anomalous sessions. Long Term: Adopt a **Zero Trust** model for all applications, including 'personal' apps used for work. Implement **unified endpoint management (UEM)** to restrict personal account use on corporate devices. Develop **cross-channel phishing playbooks** (email, social media, SaaS). Conduct **regular red team exercises** simulating LinkedIn-based attacks. Partner with **threat intelligence providers** to track dark web sales of corporate credentials. Advocate for **industry-wide standards** on non-email phishing reporting/mitigation.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: Push Security (Browser-Based Phishing Detection), MDR/SOC Providers (for Containment), LinkedIn Trust & Safety Team (Account Takeover Reports), Browser-Level Phishing Detection (e.g., Push Security), Behavioral Analytics for Anomalous Logins, Dark Web Monitoring for Stolen Credentials.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Immediate: Block known malicious domains (though limited effectiveness). Reset credentials for compromised executives/SSO accounts. Isolate affected devices to prevent lateral movement. Report hijacked LinkedIn accounts to LinkedIn Trust & Safety. Short Term: Deploy browser-level phishing detection (e.g., Push Security). Enforce MFA on all LinkedIn accounts used for work. Audit SSO configurations for over-permissioned roles. Train employees on non-email phishing (LinkedIn, Slack, etc.). Monitor for ghost logins and anomalous sessions. Long Term: Adopt a **Zero Trust** model for all applications, including 'personal' apps used for work. Implement **unified endpoint management (UEM)** to restrict personal account use on corporate devices. Develop **cross-channel phishing playbooks** (email, social media, SaaS). Conduct **regular red team exercises** simulating LinkedIn-based attacks. Partner with **threat intelligence providers** to track dark web sales of corporate credentials. Advocate for **industry-wide standards** on non-email phishing reporting/mitigation.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incidents were the Lapsus$ group, Unauthorized Actor and Unauthorized Actor.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-11-01.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was Potential multi-million-dollar losses per breach (scalable based on executive access).

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Customer Data; Names, Social Security numbers, Health or medical insurance plan numbers; Names, Social Security numbers, Health insurance details; Corporate Credentials (SSO, SaaS, Identity Providers), Executive/Employee PII, Internal Communications (Slack, Teams), Customer Data (via compromised tenant access), Financial Records (if execs have approval privileges) and Intellectual Property (depending on access level).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Microsoft Entra (Azure AD), Google Workspace, Okta (or other Identity Providers), Connected SaaS Applications (via SSO), Internal Messaging Platforms (Slack, Teams), Corporate Devices (Laptops, Phones with Synced Credentials), Personal Devices (Laundering for Corporate Access).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Push Security (Browser-Based Phishing Detection), MDR/SOC Providers (for containment), LinkedIn Trust & Safety Team (Account Takeover Reports).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Removed Hacker Access, Blocking Known Malicious URLs (Whack-a-Mole Approach), Revoking Compromised SSO Tokens, Disabling Synced Credentials on Personal Devices, Isolating Affected Executive Accounts.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Financial Records (if execs have approval privileges), Names, Social Security numbers, Intellectual Property (depending on access level), Health or medical insurance plan numbers, Corporate Credentials (SSO, SaaS, Identity Providers), Customer Data, Internal Communications (Slack, Teams), Customer Data (via compromised tenant access), Health insurance details and Executive/Employee PII.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 839.0.

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was Depends on jurisdiction and scale of breach.

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class-Action Lawsuits (if PII exposed), Regulatory Investigations (e.g., SEC for public companies).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Proactive measures (e.g., ghost login detection, MFA enforcement) are essential to mitigate risks.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Infostealer Log Analysis: 60% of Credentials Linked to Social Media (Including LinkedIn), Push Security: 'Phishing in 2025: Trends and Case Studies' Webinar, Okta Breach (2023) Post-Mortem: Personal Google Account Compromise and California Office of the Attorney General.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigating.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Executives: Avoid mixing personal/professional accounts; enable MFA on LinkedIn. IT/Security Teams: Monitor for SSO anomalies and browser-based attacks. HR: Include LinkedIn phishing in security awareness training. Legal/Compliance: Prepare for potential regulatory scrutiny if PII is exposed.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: No direct customer advisories unless a specific breach occurs (general awareness recommended). Customers should monitor for phishing attempts impersonating partnered executives.

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was: Short (if using hijacked accounts with existing connections); longer if building fake profiles from scratch (weeks/months).

CVE

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=okta-inc-' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.