Saved February 14, 2026
The cybercriminal group ShinyHunters is targeting around 100 organizations in a campaign aimed at stealing Okta single sign-on credentials. Companies like Atlassian and Canva are included among the targets, with reports of successful breaches at Crunchbase and Betterment. Experts recommend stronger multi-factor authentication measures to combat these threats.
ShinyHunters launched a campaign targeting around 100 organizations using Okta's single sign-on (SSO) for credential theft. Silent Push researchers reported that companies like Atlassian, Canva, and ZoomInfo are among the victims, although there's no confirmation of successful breaches. ShinyHunters claimed that 100 targets is "close" to the actual number of organizations it has breached. The campaign is notable for employing advanced voice-phishing tactics that compromise SSO credentials and gain access to victim organizations’ multi-factor authentication (MFA) solutions.
Mandiant’s team is also monitoring this ongoing campaign, stating that after gaining initial access, the attackers pivot to Software as a Service (SaaS) environments to steal sensitive data. The attackers have approached some organizations with extortion demands. While the identity attacks don't stem from specific security flaws, experts recommend using phishing-resistant MFA methods, like FIDO2 security keys. Organizations should also enforce strict app authorization policies and monitor for unusual API activity or unauthorized device enrollments.
Last week, Okta warned users about these voice-phishing attempts. ShinyHunters later confirmed its involvement and claimed to have accessed Crunchbase and Betterment through this method, leaking over 20 million records from Betterment and 2 million from Crunchbase.