Massive Data Breach in October Impacts Entire Customer Support System: Protect Yourself Now

Okta, a leading identity management platform, suffered a data breach in October affecting all users of its customer support system. While no passwords or financial information were compromised, the attackers accessed usernames, email addresses, and Okta Support case details. Okta has implemented measures to prevent future breaches and is assisting affected customers.

Okta Data Breach Affects All Customer Support System Users

Okta, a leading identity and access management provider, recently revealed that a data breach in its Help Center environment last month compromised information belonging to all customer support system users. The company initially reported a limited data breach, but further investigation showed that the scope was much larger.

The hackers managed to access additional reports and support cases containing contact information for all Okta certified users. This is a serious concern, as many of the exposed users are administrators, and 6% of them have not enabled multi-factor authentication (MFA), the control that would defend their accounts against unauthorized login attempts.

What Was Stolen?

According to Okta, the stolen report included fields for full name, username, email, company name, user type, address, last password change/reset, role, phone number, mobile number, time zone, and SAML Federation ID. However, for 99.6% of the users listed in the report, only full names and email addresses were available. The company also assured that no credentials were exposed.

While names and emails might not seem like much, they are enough for threat actors to launch phishing or social engineering attacks. These tactics can help them obtain more details to prepare a more sophisticated attack.

Protecting Against Potential Attacks

To defend against such attacks, Okta recommends the following measures:

  1. Implement MFA for admin access, preferably using phishing-resistant methods like Okta Verify FastPass, FIDO2 WebAuthn, or PIV/CAC Smart Cards.
  2. Enable admin session binding to require re-authentication for admin sessions from new IP addresses.
  3. Set admin session timeouts to a maximum of 12 hours with a 15-minute idle time, as per NIST guidelines.
  4. Increase phishing awareness by staying vigilant against phishing attempts and reinforcing IT Help Desk verification processes, especially for high-risk actions.
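As an added example (not the article's or Okta's own code), the following Python audit checks a constructed admin inventory and admin session policy against recommendations 1 to 3 above; the factor labels, field names and sample data are assumptions for illustration, not Okta API values.

```python
# Added example (not from the article or Okta): audit a constructed admin inventory
# and admin session policy against the recommendations listed above.
from dataclasses import dataclass, field

# Constructed labels for the phishing-resistant factors the article names;
# they are not Okta API factor type values.
PHISHING_RESISTANT = {"okta_verify_fastpass", "fido2_webauthn", "piv_cac"}
MAX_SESSION_HOURS = 12  # NIST-aligned ceiling cited in the article
MAX_IDLE_MINUTES = 15

@dataclass
class AdminAccount:
    login: str
    factors: set = field(default_factory=set)  # enrolled MFA factor labels

@dataclass
class AdminSessionPolicy:
    max_session_hours: int
    max_idle_minutes: int
    bind_to_ip: bool  # admin session binding: re-authenticate when the IP changes

def audit_admins(admins):
    """Return (no_mfa, weak_mfa): admins with no factor at all, and admins whose
    factors are all phishable (for example SMS or TOTP only)."""
    no_mfa = sorted(a.login for a in admins if not a.factors)
    weak_mfa = sorted(a.login for a in admins
                      if a.factors and not (a.factors & PHISHING_RESISTANT))
    return no_mfa, weak_mfa

def mfa_gap_percent(admins):
    """Share of admins with no MFA at all (the figure the article reports as 6%)."""
    return 100.0 * sum(1 for a in admins if not a.factors) / max(len(admins), 1)

def audit_session_policy(policy):
    """List deviations from recommendations 2 and 3; an empty list means compliant."""
    findings = []
    if not policy.bind_to_ip:
        findings.append("admin session binding is disabled")
    if policy.max_session_hours > MAX_SESSION_HOURS:
        findings.append(f"session lifetime {policy.max_session_hours}h exceeds {MAX_SESSION_HOURS}h")
    if policy.max_idle_minutes > MAX_IDLE_MINUTES:
        findings.append(f"idle timeout {policy.max_idle_minutes}m exceeds {MAX_IDLE_MINUTES}m")
    return findings

# Constructed sample data: not real accounts or a real tenant's settings.
SAMPLE_ADMINS = [AdminAccount("alice", {"fido2_webauthn"}), AdminAccount("bob", {"sms", "totp"}),
                 AdminAccount("carol"), AdminAccount("dave", {"okta_verify_fastpass", "totp"})]
WEAK_POLICY = AdminSessionPolicy(max_session_hours=24, max_idle_minutes=60, bind_to_ip=False)
HARDENED_POLICY = AdminSessionPolicy(max_session_hours=12, max_idle_minutes=15, bind_to_ip=True)
```

Running `audit_admins(SAMPLE_ADMINS)` flags carol (no MFA) and bob (phishable factors only), while `audit_session_policy(WEAK_POLICY)` reports three deviations that disappear with the hardened settings.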

A History of Attacks

Over the past two years, Okta has been a target of credential theft and social engineering attacks. In December 2021, hackers accessed source code from the company’s private GitHub repositories. In January 2022, hackers gained access to the laptop of an Okta support engineer with privileges to initiate password resets for customers. This incident impacted about 375 customers, representing 2.5% of the company’s client base.

The Lapsus$ extortion group claimed responsibility for the attack, leaking screenshots showing that they had “superuser/admin” access to Okta.com and could access customer data.

Take Action Now

As cybersecurity threats continue to evolve and become more sophisticated, it’s essential to stay informed and take proactive measures to protect your organization. Don’t wait until it’s too late. Contact us to learn more about how we can help you safeguard your digital assets and keep coming back for the latest updates on cybersecurity trends and best practices.
