🦠 Ransomware & Malware

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

Your next SMS from 'IT support' could hand hackers your company's keys. 0ktapus just proved MFA is no silver bullet, snaring thousands in a slick Okta phishing blitz.

Elena Vasquez 📅 Apr 03, 2026 ⏱️ 4 min read 👁️ 1 view

Infographic showing 0ktapus phishing flow from SMS to Okta credential theft across global firms

⚡ Key Takeaways

0ktapus phished 9,931 Okta-linked accounts across 130+ orgs via SMS MFA bypass.
Started with telecoms for phone numbers, scaled to supply-chain attacks.
SMS and push MFA are phishable; switch to hardware keys now.

🧠 What's your take on this?

Cast your vote and see what Threat Digest readers think

Written by

Elena Vasquez

Senior editor and generalist covering the biggest stories with a sharp, skeptical eye.

#0ktapus #MFA bypass #Okta phishing #phishing campaign #supply chain attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Threatpost

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Elena Vasquez

Worth sharing?

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Elena Vasquez

Share this article

Worth sharing?

Related Stories

Casbaneiro Gang's Sneaky Dynamic PDFs Hit Enterprises in LatAm and Europe

Claude Code's 50-Command Cap: The Bypass That Unlocks Your Dev Machine

REF1695's ISO Trick: $9K Crypto Haul from Fake Installers and RATs

FBI, CISA Blast: Russian Phishers Hijacking Signal and WhatsApp Accounts Worldwide

Stay in the loop