Okta: October data breach affects all customer support system users

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users.

The company notes that the threat actor also accessed additional reports and support cases containing contact information for all Okta certified users.

At the beginning of November, the company disclosed that a threat actor had gained unauthorized access to files inside its customer support system and that early evidence indicated a limited data breach.

According to details uncovered at the time, the hacker accessed HAR files containing cookies and session tokens for 134 customers (less than 1% of the company's customers) that could be used to hijack the Okta sessions of legitimate users.
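Because the capture files at the center of this incident still carried cookies and tokens, the following added example (not code from the article or from Okta) shows how a defender can redact those values from a HAR file before it is uploaded to a support desk. The sample HAR, the header list and the `[REDACTED]` marker are constructed assumptions; the layout assumed is the standard HAR 1.2 structure.

```python
import json
from copy import deepcopy

# Header names that commonly carry bearer tokens or session cookies (assumed list).
# Assumes the standard HAR 1.2 layout: log.entries[].request / .response,
# each with "headers" and "cookies" lists of {"name": ..., "value": ...}.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
REDACTED = "[REDACTED]"


def _redact(items, names=None):
    """Blank the value of every item whose name is in `names` (all items if names is None)."""
    hits = 0
    for item in items:
        if names is None or item.get("name", "").lower() in names:
            item["value"] = REDACTED
            hits += 1
    return hits


def sanitize_har(har):
    """Return (sanitized_copy, redaction_count) for a parsed HAR dict.

    Every cookie value and every sensitive header on both request and
    response is replaced, so the capture can be shared for troubleshooting
    without handing over a replayable session."""
    clean = deepcopy(har)  # never mutate the caller's object
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            count += _redact(msg.get("cookies", []))
            count += _redact(msg.get("headers", []), SENSITIVE_HEADERS)
    return clean, count


# Constructed sample HAR (not a real capture) with one request/response pair.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://example.okta.com/api/v1/users/me",
        "cookies": [{"name": "sid", "value": "102abc-constructed"}],
        "headers": [{"name": "Authorization", "value": "SSWS 00constructedtoken"},
                    {"name": "Accept", "value": "application/json"}]},
    "response": {
        "status": 200,
        "cookies": [{"name": "sid", "value": "102abc-constructed"}],
        "headers": [{"name": "Set-Cookie", "value": "sid=102abc-constructed; Secure"},
                    {"name": "Content-Type", "value": "application/json"}]}}]}}

if __name__ == "__main__":
    sanitized, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} values")
    print(json.dumps(sanitized, indent=2))
```

For a real capture, load the file with `json.load`, pass the result to `sanitize_har`, and write the sanitized copy to a new file; the redaction count gives a quick sanity check that the original did contain session material.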

Further investigation of the attack revealed that the threat actor also "downloaded a report that contained the names and email addresses of all Okta customer support system users."

"All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident" – Okta

According to the company, the stolen report included fields for full name, username, email, company name, user type, address, last password change/reset, role, phone number, mobile number, time zone, and SAML Federation ID.

However, Okta clarifies that for 99.6% of the users listed in the report, the only contact information available was full name and email address. The company also assured that no credentials were exposed.

Okta's statement notes that many of the exposed users are administrators and that 6% of them have not activated multi-factor authentication, which protects against unauthorized login attempts.

The company states that the intruders also accessed data from "Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts" along with Okta employee details.

"We also identified additional reports and support cases that the threat actor accessed, which contain contact information of all Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information. Some Okta employee information was also included in these reports. This contact information does not include user credentials or sensitive personal data" – Okta

In many cases, names and email addresses are enough for a threat actor to launch phishing or social engineering attacks, which can serve the reconnaissance stage or help them gather additional details to prepare a more sophisticated attack.

To protect against potential attacks, Okta recommends the following:

  1. Enforce MFA for admin access, preferably using phishing-resistant methods such as Okta Verify FastPass, FIDO2 WebAuthn, or PIV/CAC smart cards.
  2. Enable admin session binding to require re-authentication for admin sessions from new IP addresses.
  3. Set admin session timeouts to a maximum of 12 hours with a 15-minute idle time, as per NIST guidelines.
  4. Improve phishing awareness by staying vigilant against phishing attempts and reinforcing IT Help Desk verification processes, especially for high-risk actions.

Okta has been a target of credential theft and social engineering attacks over the past two years; last December, hackers accessed source code from the company's private GitHub repositories.

In January 2022, hackers gained access to the laptop of an Okta support engineer with privileges to initiate password resets for customers. The incident impacted about 375 customers, representing 2.5% of the company's customer base.

The Lapsus$ extortion group claimed the attack and leaked screenshots showing that they had "superuser/admin" access to Okta.com and could access customer data.

