U.S. entry and id administration large Okta says hackers stole knowledge about all of its clients throughout a latest breach of its assist programs, regardless of beforehand stating that solely a fraction of consumers have been affected.
Okta confirmed in October {that a} hacker used a stolen credential to entry its assist case administration system and steal customer-uploaded session tokens that might be used to interrupt into the networks of Okta clients. Okta advised information.killnetswitch on the time that round 1% of consumers, or 134 organizations, have been affected by the breach.
In a weblog publish revealed on Wednesday, Okta chief security officer David Bradbury stated the corporate has since decided that each one of its clients are affected by the breach. Okta spokesperson Cat Schermann wouldn’t present an actual determine when requested by information.killnetswitch, however Okta has round 18,000 clients, based on the corporate’s web site, together with 1Password, Cloudflare, OpenAI and T-Cellular.
Bradbury stated on September 28, a hacker ran and downloaded a report that contained knowledge belonging to “all Okta buyer assist system customers.” For 99.6% of consumers, hackers accessed solely full names and e mail addresses, based on Okta, although in some circumstances they could even have accessed telephone numbers, usernames and particulars of some worker roles.
“Whereas we should not have direct data or proof that this info is being actively exploited, there’s a risk that the risk actor could use this info to focus on Okta clients by way of phishing or social engineering assaults,” Bradbury stated. The infamous Scattered Spider hacking group, often known as Oktapus, has beforehand leveraged varied social engineering techniques to focus on the accounts of Okta clients, together with Caesars Leisure and MGM Resorts.
Okta is advising all clients to make use of multi-factor authentication and to make use of phishing-resistant authenticators, reminiscent of bodily security keys.
Okta says its follow-up evaluation has additionally decided that the risk actor accessed “extra stories and assist circumstances” containing the contact info of all Okta-certified customers and a few Okta Buyer Id Cloud (CIC) buyer contacts. Some Okta worker info was additionally included in these stories, however the firm hasn’t confirmed what number of of its 6,000 staff are affected.
Okta says that none of its authorities clients are affected by the breach, and stated its Auth0 assist case administration system was not impacted.
The id of the risk actors behind the newest breach of Okta’s programs will not be but identified.
