Okta, Fortinet See Further Stock Price Declines

The drops come after Okta disclosed that 134 customers were impacted in the recent customer service breach, and Fortinet said its firewalls sales are seeing a slowdown, late last week.

Okta and Fortinet saw further stock price declines Monday after disclosures from the two major cybersecurity vendors last week that have rattled customers and investors.

On Friday, Okta disclosed that data from 134 customers was accessed in the company’s recent customer support system breach. A day earlier, Fortinet reported that its firewall sales are seeing a slowdown, prompting a series of downgrades by Wall Street analysts.

[Related: Fortinet Makes Cuts To Sales, Channel, Business Development Groups]

Fortinet saw another analyst downgrade Monday, with HSBC joining at least half a dozen firms that downgraded the network security vendor’s stock (Ticker: FTNT) on Friday. Fortinet’s stock price was down about 2.5 percent to $49.24 a share, Monday morning as of this writing.

Stock indices including the Nasdaq Composite and S&P 500 were up Monday morning.

In Okta’s disclosure Friday, the identity platform vendor said that its investigation is now finalized and found that an attacker accessed files belonging to 134 customers between Sept. 28 and Oct. 17.

Far fewer — five customers — had legitimate Okta sessions hijacked by the threat actor, according to the updated disclosure from Chief Security Officer David Bradbury. Three of those five customers, he noted, have provided their own disclosures about how they responded to the security incident.

Following Okta’s initial disclosure about the customer support case management system Oct. 20, cybersecurity firms BeyondTrust, Cloudflare and 1Password each said they were among the impacted customers in the Okta breach.

Okta’s stock price was down 2.9 percent to $67.85 a share, Monday morning as of this writing.

Causes Of The Breach

In the Okta post update Friday, Bradbury noted that less than 1 percent of Okta’s customers, which total 18,000, were impacted in the incident.

Okta’s investigation found that the attacker accessed its customer support system by exploiting a service account that was “stored in the system itself,” Bradbury wrote. The service account had permissions to view and update files associated with customer support cases, he said.

“During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop,” Bradbury wrote. “The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.”

In the post, Bradbury pointed to a “failure” to identify file downloads within its customer support logs.

“For a period of 14 days, while actively investigating, Okta did not identify suspicious downloads in our logs,” he wrote.

The company’s initial investigation “focused on access to support cases, and subsequently we assessed the logs linked to those cases,” Bradbury wrote. “On October 13, 2023, BeyondTrust provided Okta Security a suspicious IP address attributed to the threat actor. With this indicator, we identified the additional file access events associated with the compromised account.”

Firewall Slowdown

The Fortinet stock price declines, meanwhile, followed the release on Thursday of the company’s financial results for the third quarter, ended Sept. 30. The company reported that it saw a 16-percent gain in overall revenue from a year earlier, but a drop in firewall sales led the company’s Q3 revenue to fall short of the analyst consensus estimate.

Fortinet’s product revenue for the third quarter declined 0.6 percent, year-over-year, to $465.9 million — marking the company’s first year-over-year decline in firewall sales since it went public in 2009. The company is encountering a “slowdown in secure networking market growth,” Co-Founder and CEO Ken Xie said during Fortinet’s quarterly call with analysts Thursday.

The company’s revenue outlook for the fourth quarter also came in below Wall Street expectations.

Amid the report Thursday, Fortinet said it will be shifting more of its focus to faster-growing areas, such as SASE (secure access service edge) and security operations tools. SASE now represents 20 percent of Fortinet’s business while SecOps tools now make up 10 percent.

In Fortinet’s third quarter results, service revenue grew nearly 28 percent, year over year, to reach $868.7 million, the company reported.

Fortinet is well-positioned to capitalize on major near-term market opportunities, CFO Keith Jensen said during the call, through “shifting our R&D and go-to-market investments to the faster-growing SASE and SecOps markets.”