Social Engineering Hackers Target Okta Single Sign On

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data Mathew J. Schwartz (euroinfosec) • January 28, 2026

Single sign-on customers of identity provider Okta should be on alert against attackers seeking to gain access to their corporate network, steal data and hold it to ransom, security experts warn.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

A surge in social engineering attacks has targeted users of Okta's SSO tools, leading the company to directly warn customers last week about this campaign. Many of these attacks, if not all, are being conducted under the banner of the cybercrime group ShinyHunters (see: Voice Phishing Okta Customers: ShinyHunters Claims Credit).

"This is an active and ongoing campaign" that has led to the theft of data from multiple victims, after which "an actor that identifies as ShinyHunters has approached some of the victim organizations ...