Okta admits hackers accessed data on all customers during recent breach TechCrunch
pUS access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems despite previously stating that only a fraction of customers were affectedppOkta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customeruploaded session tokens that could be used to break into the networks of Okta customers Okta told TechCrunch at the time that around 1 of customers or 134 organizations were affected by the breachppIn a blog post published on Wednesday Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach Okta spokesperson Cat Schermann would not provide an exact figure when asked by TechCrunch but Okta has around 18000 customers according to the companys website including 1Password Cloudflare OpenAI and TMobileppBradbury said on September 28 a hacker ran and downloaded a report that contained data belonging to all Okta customer support system users For 996 of customers hackers accessed only full names and email addresses according to Okta though in some cases they may also have accessed phone numbers usernames and details of some employee rolesppWhile we do not have direct knowledge or evidence that this information is being actively exploited there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks Bradbury said The notorious Scattered Spider hacking group also known as Oktapus has previously leveraged various social engineering tactics to target the accounts of Okta customers including Caesars Entertainment and MGM ResortsppOkta is advising all customers to use multifactor authentication and to use phishingresistant authenticators such as physical security keysppOkta says its followup analysis has also determined that the threat actor accessed additional reports and support cases containing the contact information of all Oktacertified users and some Okta Customer Identity Cloud CIC customer contacts Some Okta employee information was also included in these reports but the company hasnt confirmed how many of its 6000 employees are affectedppOkta says that none of its government customers are affected by the breach and said its Auth0 support case management system was not impactedppThe identity of the threat actors behind the most recent breach of Oktas systems is not yet knownppThis is the latest of many security incidents impacting Okta Last year the company admitted that hackers stole some of its source code A separate incident earlier in the year saw hackers post screenshots showing access to the companys internal network after hacking into a company Okta used for customer serviceppOkta says hackers stole customer access tokens from support unitppp