Security experts discover larger scale of Okta’s data breach than initially believed

Okta recently discovered that the extent of a data breach in late September was greater than initially estimated. While the company has not provided an exact number, they confirmed in their updated root cause analysis that personal information of all customer support system users was compromised in the breach. Previously, Okta’s CISO had stated that only 134 individuals, less than 1% of their customers, were affected. The breach impacted users of Okta’s workforce identity cloud and customer identity solution products, excluding customers in the FedRamp High and DoD IL4 environments. The Auth0/CIC case management system was not affected. The attacker created a report with mostly blank fields for 99.6% of the users, with only full name and email address recorded. User credentials and sensitive personal data were not included in the report. Okta recommends implementing multi-factor authentication and other security measures to mitigate further risks. The attack initially occurred on September 28, when the threat actor accessed files associated with 134 customers, including HAR files containing session tokens. They subsequently used these tokens to hijack the sessions of five customers and gain access to run the report. The attacker likely used an Okta employee’s credentials stored in their personal Google account to launch the attack.

Unlock your business potential with our expert guidance. Get in touch now!

Oxford-skyline-fotolia.jpg

Oxford University Introduces Cyber Resilience Module in MBA Curriculum

Hacker-stereotype-hoodie-code-adobe-hero.jpg

Co-op Warns Staff to Stay Vigilant Against Potential Hackers

fake-fact-misinformation-Lemonsoup14-adobe.jpg

Government and Ofcom Clash Over Scope of Online Safety Act

security-threat-cyber-attack-2-adobe.jpeg

Decoding Cyber Attacks: The Challenge and Its Importance

ransomware-attack-encrypted-files-adobe.jpg

Scattered Spider Linked to M&S Cyber Attack

chess-strategy-game-intelligence-2-adobe.jpeg

Ongoing Challenges as UK’s Cyber Security and Resilience Bill Progresses

Crime-arrest-handcuffs-adobe.jpg

Concerns Escalate Over UK MoJ Crime Prediction Algorithms