Nearly All Okta Customers Affected in October Security Breach

On Wednesday, Okta, a widely used tool for managing identities, announced that a recent security breach of its customer support service impacted all of its users.

The company recently discovered suspicious activity on its servers that suggests the breach may have been more extensive than initially believed. Okta is now conducting a thorough investigation to determine the full extent of the breach and is diligently working to enhance its security measures.

Driving the news: Okta's Chief Security Officer, David Bradbury, said in a blog post that the company's initial investigation into the October attack failed to identify certain actions that suggest all Okta-certified users were impacted.

It is now believed that hackers, who remain unidentified, have obtained access to the personal information of Okta customer support users, including names, email addresses, and other contact details. This group of users encompasses many company administrators.
Bradbury further stated that personal information of certain Okta employees was also compromised in the security breach.

This is just the latest major cybersecurity incident Okta has faced in the last two years, and the company counts Fortune 500 companies, government agencies and even high-value AI startups as clients.

Okta said last month that an unidentified group of hackers had gained access to support files belonging to approximately 134 customers, which accounts for less than 1% of its total customer base.

The support files contained cookies and session tokens, which malicious individuals could exploit to take control of Okta customers' sessions.
Okta announced on Wednesday that it had decided to recreate the reports run by the threat actors who appeared to have obtained access to its systems.

During that exercise, Okta discovered that a specific report downloaded by the threat actor was larger than the file generated in its initial investigation, which was concluded earlier this month.
The larger file contained a list of all the customers who receive support services from Okta.
Yes, but: According to Okta, the only customers who were not impacted are those who must adhere to the U.S. government’s FedRAMP program and the Defense Department’s IL4 requirements.

Okta noted that the customer support service for those customers operates in a separate environment.
What we’re watching: Okta has not disclosed who was responsible for the attack or detailed how it plans to prevent similar attacks in the future.

Okta warned that hackers could use the stolen contact information in phishing attacks.

The company recommends that Okta administrators confirm that multi-factor authentication is enabled on their accounts.