Okta: October Breach Actually Affected All Customer Support Users
2023-11-29 23:55
It turns out that last month’s breach at Okta ensnared all users of the company’s customer support system, rather than fewer than 1% of them.

Okta on Wednesday supplied an update on the hacking incident, which was originally believed to have only affected 134 corporate clients. A new review re-traced how the breach occurred and found that the hacker also looted a sensitive file.

“We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users,” Okta says.

Okta is a provider of single sign-on services to over 18,000 customers, including many large corporations, such as T-Mobile, FedEx, and Zoom. So the breach could be used as a launching pad to conduct further attacks.

The hacker grabbed the file on Sept. 28, the day they infiltrated the company’s customer support system. The good news is that the hacker only stole the full names and email addresses of IT employees who administered their company’s Okta accounts. No password data or session tokens were taken. In addition, Okta’s government clients that use the “FedRAMP High and DoD IL4 environments” are unaffected.

But in other instances, the hacker was found downloading additional reports from the customer service database. "We also identified additional reports and support cases that the threat actor accessed, which contain contact information of all Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information," the company added. "Some Okta employee information was also included in these reports."

The fear now is that the hacker will use the names and email addresses to conduct phishing or social engineering attacks to break into the affected companies. Okta notes that “many users of the customer support system are Okta administrators” who control login access to their corporate networks.

Hence, Okta says it’s “critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system, but also to secure access to their Okta admin console(s).” Currently, 94% of all Okta customers require their administrators to turn on MFA.

Okta’s report goes on to include other steps IT administrators can take to guard against potential hacking. “We are working with a third-party digital forensics firm to validate our findings and we will be sharing the report with customers upon completion,” the company added.
