U.S. access and identity management giant Okta has revealed that hackers who recently breached its support systems gained unauthorized access to data on all of its customers, contrary to its previous statements. The breach, originally believed to have impacted only a fraction of customers, has now been confirmed to have affected all of Okta’s approximately 18,000 customers.
For the majority of customers, the data accessed consisted of names and email addresses, and there is concern that threat actors may use the stolen information for phishing or social engineering attacks. Okta advises customers to implement multi-factor authentication and adopt phishing-resistant authenticators to enhance security.
The Breach and Affected Information
In October, Okta disclosed that a hacker had used stolen credentials to enter its support case management system, stealing customer-uploaded session tokens. Initially, Okta reported that around 1% of customers, or 134 organizations, were affected. However, Okta’s chief security officer, David Bradbury, has since revealed that the breach impacted all customers.
Okta has determined that for the majority of customers, hackers accessed full names and email addresses. In some cases, phone numbers, usernames, and details of employee roles were also compromised. Although there is no evidence of active exploitation, there is a possibility that threat actors may employ phishing or social engineering attacks using this information to target Okta customers.
Security Measures and Recommendations
Okta is urging all customers to implement multi-factor authentication and adopt phishing-resistant authenticators, like physical security keys, to enhance security. The company also advises caution regarding potential social engineering attempts and phishing attacks.
Additional Data Accessed
In addition to the customer support system data, the threat actors gained access to “additional reports and support cases” containing the contact information of all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts. It is unclear how many of Okta’s 6,000 employees are affected, as the number has not been confirmed.
Government Customers and Other Systems
Okta has stated that none of its government customers were impacted by the breach. Furthermore, the company clarified that its Auth0 support case management system remained unaffected.
Ongoing Investigations and Previous Incidents
The identity of the threat actors involved in the breach has not yet been determined. This breach adds to the list of security incidents Okta has experienced. In the past, the company disclosed stolen source code and screenshots showing unauthorized access to its internal network.