Okta warns of a significant surge in credential stuffing attacks against its identity management services.

Some customer accounts have been compromised due to these automated attacks using stolen credentials.

The malicious activity is linked to the same infrastructure behind prior brute-force and password-spraying attacks noted by Cisco Talos.

Attackers leveraged the TOR network and residential proxies, targeting users on the Okta Classic Engine with inadequate threat response settings.

Okta advises clients to activate ThreatInsight in Log and Enforce Mode, block anonymizing proxies, upgrade to Okta Identity Engine, and implement Dynamic Zones for better security.

The company also suggests adopting passwordless and multi-factor authentication methods to prevent account takeovers.

Further details on the impact of these security incidents are pending as BleepingComputer awaits a response from Okta.