Okta admitted that hackers accessed all of its customers’ data during the recent breach

US access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, although it previously said only a small number of customers were affected.

Okta confirmed in October that a hacker used a stolen credential to access its support case management system and stole customer-uploaded session tokens that could be used to log into the networks of Okta customers. Okta told TechCrunch at the time that about 1% of its customers, or 134 organizations, were affected by the breach.

In a blog post published on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach. Okta spokeswoman Cat Schermann wouldn’t give an exact number when asked by TechCrunch, but Okta has about 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI, and T-Mobile.

Bradbury said that on September 28, a hacker ran and downloaded a report containing data belonging to “all users of Okta’s customer support system.” For 99.6% of customers, hackers only accessed full names and email addresses, according to Okta, although in some cases they were also able to access phone numbers, usernames and details of certain employee roles.

“While we have no direct knowledge or evidence that this information has been actively exploited, there is a possibility that a threat actor could use this information to target Okta customers through a phishing or social engineering attack,” said Bradbury. The notorious Scattered Spider hacking group, also known as Oktapus, previously used a variety of social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.

Okta advises all customers to use multi-factor authentication and to use phishing-resistant authenticators, such as physical security keys.

Okta says its follow-up analysis also determined that the threat actor had access to “additional reports and support cases” that contained contact information for all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts. Some Okta employee information was also included in these reports, but the company did not confirm how many of its 6,000 employees were affected.

Okta said none of its government customers were affected by the breach, and said its Auth0 support case management system was not affected.

The identity of the threat actors behind the latest breach of Okta’s systems is still unknown.

This is the latest of many security incidents affecting Okta. Last year, the company admitted that hackers had stolen some of its source code. A separate incident earlier in the year saw hackers post screenshots showing access to the company’s internal network after hacking a company that Okta used for its customer service.
