
Okta reveals more details of October data breach – it’s worse than you think

All Okta Help Centre customer support users were impacted by the company’s October data breach.

David Hollingworth
Thu, 30 Nov 2023

Identity and access management firm Okta has released an update on a data breach affecting its support case management system in October 2023.

At the time, Okta’s chief security officer, David Bradbury, said that stolen credentials had led to “adversarial activity” on the company’s network and that some customer data had been exfiltrated.

“If you’re an Okta customer and you have not been contacted with another message or method, there is no impact to your Okta environment or your support tickets,” Bradbury said in a statement at the time.


Okta has now revealed the results of further investigations into the incident; however, it appears the scope of the breach is far wider than first thought.

“We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users,” Bradbury said in a new statement overnight.

“All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor).”

The report was run on 28 September and included a number of fields: usernames and emails, creation dates of support tickets, role descriptions, mobile phone numbers, and more. However, according to Okta, not all that data was necessarily affected.

“The majority of the fields in the report are blank, and the report does not include user credentials or sensitive personal data,” Bradbury said. “For 99.6 per cent of users in the report, the only contact information recorded is full name and email address.”

Okta is now warning its support customers to be aware of phishing and other social engineering attacks and to ensure that multifactor authentication is enabled on all support systems and admin consoles.

Okta’s investigations are ongoing.

“We are working with a third-party digital forensics firm to validate our findings, and we will be sharing the report with customers upon completion,” Bradbury said.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
