Okta admits hackers accessed data on all customers during recent breach
U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected.
Bradbury said that on September 28, a hacker ran and downloaded a report that contained data belonging to ‘all Okta customer support system users.’ For 99.6% of customers, hackers accessed only full names and email addresses, according to Okta, though in some cases they may also have accessed phone numbers, usernames and details of some employee roles.
‘While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks,’ Bradbury said. The notorious Scattered Spider hacking group, also known as Oktapus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.
Okta is advising all customers to use multi-factor authentication and to use phishing-resistant authenticators, such as physical security keys.
Okta says its follow-up analysis has also determined that the threat actor accessed ‘additional reports and support cases’ containing the contact information of all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts. Some Okta employee information was also included in these reports, but the company hasn’t confirmed how many of its 6,000 employees are affected.
Okta says that none of its government customers are affected by the breach, and that its Auth0 support case management system was not impacted.
The identity of the threat actors behind the most recent breach of Okta’s systems is not yet known.
This is the latest of many security incidents impacting Okta. Last year, the company admitted that hackers stole some of its source code. A separate incident earlier in the year saw hackers post screenshots showing access to the company’s internal network after hacking into a company Okta used for customer service.
Ref: techcrunch