Okta admits data breach impacts all customer support users

30 Nov 2023


Okta revealed that data from all its customer support users was accessed by a hacker and that this data could be used in phishing attacks.

A data breach Okta revealed last month is more serious than originally declared, according to an updated statement by the identity management giant.

The company confirmed last month that it suffered a data breach at the end of September, after a hacker used stolen employee credentials to access its customer support system.

In October, Okta said it had informed all customers who were affected by the breach. The company had also told TechCrunch that only 1pc of its customers were affected by the breach.

But in a recent statement, the company said that this threat actor downloaded a report that contained the names and email addresses of “all Okta customer support system users”. The company said it discovered this new information after it re-examined the actions taken in the data breach.

“The majority of the fields in the report are blank and the report does not include user credentials or sensitive personal data,” Okta said in the update. “For 99.6pc of users in the report, the only contact information recorded is full name and email address.”

The company said it has no “direct knowledge or evidence” that the information is being actively exploited, but warned of the possibility that the threat actor may use the stolen data to “target Okta customers via phishing or social engineering attacks”.

Last month, 1Password confirmed that it was targeted by a threat actor as a result of Okta’s data breach, but said no data was compromised by the attack.

Okta has not confirmed how many of its customers are in its customer support system. The company has more than 18,000 customers, according to its website.

“Okta customers sign in to Okta’s customer support system with the same accounts they use in their own Okta org,” the company said. “Many users of the customer support system are Okta administrators.

“It is critical that these users have multifactor authentication enrolled to protect not only the customer support system, but also to secure access to their Okta admin consoles.”

Okta has been targeted in multiple cybersecurity attacks in recent years. In December 2022, the company noticed suspicious activity on its code repositories. This occurred during the period when The Guardian was hit with a ransomware attack.

The company also suffered a hack from cybercriminal gang Lapsus$ in 2022. This occurred during a year of high-profile data breaches, which impacted companies such as Microsoft, Nvidia and Revolut.


Leigh Mc Gowran is a journalist with Silicon Republic
