Okta, Inc.

Formerly: Saasure Inc. (2009–2010)
Company type: Public
Industry: Software
Founded: January 2009; 15 years ago
Founders:
  • Todd McKinnon
  • Frederic Kerrest
Headquarters: 100 First Plaza, San Francisco, California, U.S.
Area served: Worldwide
Key people:
  • Todd McKinnon (CEO)
  • Frederic Kerrest (COO)
Products: Single Sign-On
Revenue: US$2.26 billion (2024)
US$516 million (2024)
US$355 million (2024)
Total assets: US$8.99 billion (2024)
Total equity: US$5.89 billion (2024)
Number of employees: 5,908 (2024)
Website: okta.com
Footnotes / references: Financials as of January 31, 2024. [1]

Okta, Inc. (formerly SaaSure Inc.) is an American identity and access management company based in San Francisco. [2] It provides cloud software that helps companies manage and secure user authentication into applications, and helps developers build identity controls into applications, websites, web services, and devices. [3] It was founded in 2009 and had its initial public offering in 2017, reaching a valuation of over $6 billion.


Products and services

Okta sells six services, including a single-sign-on service that allows users to log into a variety of systems using a single centralized process. For example, the company claims the ability to log into Gmail, Workday, Salesforce and Slack with one login. [4] [5] It also offers API authentication services. [6]

Okta's services are built on the Amazon Web Services cloud. [7]

Okta primarily targets enterprise businesses. Claimed customers as of 2020 include Zoominfo, JetBlue, Nordstrom, MGM Resorts International, and the U.S. Department of Justice. [8]

Okta runs an annual “Oktane” user conference, which in 2018 featured former US President Barack Obama as a keynote speaker. [9] [10] [11]

History

[Image: Okta logo, used until 2022]

Okta was co-founded in 2009 by Todd McKinnon and Frederic Kerrest, who previously worked together at Salesforce. [12]

In 2015, the company raised US$75 million in venture capital from Andreessen Horowitz, Greylock Partners, and Sequoia Capital, at a total initial valuation of US$1.2 billion. [13]

In 2017, Okta's initial public offering priced at $17.00 per share, trading up on its first day, to raise an additional US$187 million. [14] [15] At the time of its IPO, Sequoia Capital was the biggest shareholder, with a 21.2 percent stake. [16]

In January 2019, Okta's CEO announced that the company had over 100 million registered users. [17]

In August 2020, Okta announced that it plans to let most of its employees work remotely on a permanent basis as a result of the COVID-19 pandemic. [18]

In March 2021, Okta signed a definitive agreement to acquire Auth0 for $6.5 billion. [19] The deal closed in May 2021. [20] In August 2021, Okta acquired atSpoke for $90 million. [21] In December 2023, Okta acquired security firm Spera for approximately $100–130 million. [22]

Security incidents

On March 9, 2021, the hacking collective "Advanced Persistent Threat 69420" breached an Okta office network through a security failure in the company's Verkada camera setup. [23] They were able to download security footage from the cameras. [24] One member of the group, Maia Arson Crimew, also revealed that the group had gained root shell access to the network. [25] In a blog post the next day, Okta Chief Security Officer David Bradbury minimized the root shell as an "internal support tool" of the camera manufacturer Verkada. [24] However, the shell would have given the hackers full access to execute any commands on the network, and Cloudflare admitted that a similar hack by the group on that company's network provided them with the same level of access. [26] Bradbury also said that the threat was contained to an isolated network.

On March 22, 2022, the hacking group LAPSUS$ posted screenshots claiming to be from Okta internal systems. [27] The next day, Okta concluded that data belonging to a maximum of 366 of its customers may potentially have been impacted, further stating that the breach originated with a computer, used by one of Okta's third-party customer support engineers, to which the hackers had access. [28]

In December 2022, Okta's source code was stolen when a hacker gained access to their GitHub repository. [29]

In early October 2023, BeyondTrust notified Okta of a breach in which hackers stole HTTP access tokens from Okta's support platform. Okta denied the incident for a number of weeks, but later recognized that a breach had occurred. [30] Customers impacted by the Okta breach included Caesars Entertainment, MGM Resorts International, 1Password and Cloudflare. [31] [32] [33] On November 29, 2023, it became known that the security incident affected all Okta customers. [34] [35]

References

  1. "Okta Form 10-K for the fiscal year ended January 31, 2024". March 1, 2024.
  2. Rivas, Teresa (December 6, 2017). "Okta CEO Is Feeling Optimistic. Looks Like Investors Are Too". Barron's. Retrieved April 8, 2018.
  3. Bridgwater, Adrian (May 23, 2018). "Okta Insists Identity 'Goes Beyond' Passwords". Forbes. Retrieved March 6, 2019.
  4. Ray, Tiernan. "Okta CEO: 'We Exist Because It's a Heterogenous World'". Retrieved 2018-04-08.
  5. Ray, Tiernan. "Okta: A Bigger Deal Than Oracle Someday?". Retrieved 2018-04-08.
  6. "Okta Wants To Go Big And Go It Alone in Enterprise Software". Fortune. Retrieved 2018-04-08.
  7. "This Enterprise Software Unicorn Just Filed to Go Public". Fortune. Retrieved 2018-04-08.
  8. "Okta Identity Cloud Securely Connects JetBlue to its Customers". Venturebeat. 2018-03-07. Retrieved 2019-06-26.
  9. Bridgwater, Adrian. "Inside Privacy: Okta CEO Takes Hardcore Line On Identity Management". Forbes. Retrieved 2018-04-08.
  10. Bort, Julie. "I followed the CEO of $6 billion Okta around and learned the secrets of a tech conference that landed President Obama as a speaker". BusinessInsider. Retrieved 2019-06-26.
  11. Thadani, Trisha. "Barack Obama is speaking at a tech conference, but not one you'd expect". SFChronicle. Retrieved 2019-06-26.
  12. "Okta CEO McKinnon on the Tech IPO Landscape and Data Security". Retrieved 2018-04-08.
  13. Ovide, Shira (2015-09-08). "Okta Raises $75 Million, Boosting Valuation to Nearly $1.2 Billion". WSJ. Retrieved 2018-04-08.
  14. "Okta shares soar nearly 39 percent in first day of trading". www.bizjournals.com. Retrieved 2018-04-08.
  15. Balakrishnan, Anita (2017-04-07). "Okta skyrockets more than 38% after IPO". CNBC. Retrieved 2018-04-08.
  16. "Okta shares soar nearly 39 percent in first day of trading". www.bizjournals.com. Retrieved 2018-04-08.
  17. Gurdus, Elizabeth (2019-01-24). "Okta CEO: We now have over 100 million registered users". www.cnbc.com. Retrieved 2019-01-25.
  18. Brian Fung (27 August 2020). "Software company Okta will let most of its 2,600 employees work remotely permanently". CNN. Retrieved 2020-09-15.
  19. Dignan, Larry. "Okta and Auth0: A $6.5 billion bet that identity will warrant its own cloud". ZDNet. Retrieved 2021-03-09.
  20. "Okta's Auth0 deal closes: Inside the 8-year, $6.5 billion courtship". Fortune. May 3, 2021. Archived from the original on 4 May 2021. Retrieved 23 June 2022.
  21. Novinson, Michael. "Okta Quietly Buys Startup atSpoke to Fuel Identity Governance | CRN". www.crn.com. Retrieved 2024-07-16.
  22. "Okta snatches up security firm Spera, reportedly for over $100M". TechCrunch. 2023-12-19. Retrieved 2023-12-19.
  23. Turton, William (2021-03-09). "Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals". Bloomberg. Retrieved 2021-03-10.
  24. Bradbury, David (2021-03-10). "A CSO's perspective on the recent Verkada cyber attack". Okta Security. Archived from the original on 2021-03-17. Retrieved 2021-03-16.
  25. Paresh, Dave (2021-03-10). "Tesla says Shanghai factory not hacked after breach of Verkada surveillance cameras". Reuters. Retrieved 2021-03-17.
  26. Graham-Cumming, John (2021-03-10). "About the March 8 & 9, 2021 Verkada camera hack". The Cloudflare Blog. Archived from the original on 2021-03-10. Retrieved 2021-03-17.
  27. "Authentication firm Okta probes report of digital breach". CNN. Retrieved 22 March 2022.
  28. Camacho, Antonio Ruiz (2022-03-23). "Okta Says Hundreds of Customers May Have Been Exposed by January Breach". CNET.
  29. "Okta had another security incident, this time involving stolen source code".
  30. "Hackers Stole Access Tokens from Okta's Support Unit". krebsonsecurity.
  31. Goswami, Rohan (2023-10-23). "Okta cybersecurity breach wipes out more than $2 billion in market cap". CNBC.
  32. Zaman, Sourov (2023-10-20). "How Cloudflare mitigated yet another Okta compromise". The Cloudflare Blog. Archived from the original on 2023-10-24. Retrieved 2023-10-25.
  33. Greig, Jonathan (2023-10-24). "How 1Password, Cloudflare affected by Okta compromise". Retrieved 2023-10-25.
  34. "Identity management company Okta reveals far more extensive hack of its systems".
  35. "Okta admits hackers accessed data on all customers during recent breach".