Okta warned users of a rise in credential-stuffing attacks targeting online services due to the use of residential proxy services, stolen credentials, and scripting tools. Researchers observed an increase in attacks against Okta accounts from April 19 through 26, with requests made mostly through anonymizing services like Tor and residential proxies such as NSOCKS and Luminati. The researchers noted the involvement of millions of requests routed by networks of legitimate user devices, including mobile devices with compromised SDKs
To address this, Okta introduced a feature in their Workforce Identity Cloud and Customer Identity Solution that blocks requests from anonymizing services, advising organizations to implement multifactor authentication and anomalous behavior detection systems for enhanced security measures against these attacks.https://www.darkreading.com/vulnerabilities-threats/okta-credential-stuffing-attacks-spike-via-proxy-networks