TechRadar
Sead Fadilpašić

The Okta data breach just keeps getting worse

Zero-day attack.

The recent data breach suffered by Okta turned out to be a lot bigger than initially thought.

In early November, the identity and access management company reported that a threat actor had accessed files inside its customer support system. There, they stole HAR files containing cookies and session tokens, which allowed them to bypass login credentials and multi-factor authentication (MFA) and access the victims’ endpoints.

At first, Okta believed 134 of its customers (fewer than 1%) were affected. However, it now seems that the attackers accessed additional reports and support cases with contact information for all Okta certified users.

Plenty of personal data

“All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident,” Okta said in its latest report.

Stolen data includes full names, usernames, emails, company names, user types, addresses, last password change/reset, roles, phone numbers, mobile numbers, time zones, and SAML Federation IDs. The good news is that for 99.6% of the victims, only full names and email addresses were taken. Okta added that login credentials remained safe.

Many of the victims were administrators, too, with 6% not even having multi-factor authentication enabled. What’s more, the attackers stole data from “Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts.” Some data on Okta employees was taken as well.

“We also identified additional reports and support cases that the threat actor accessed, which contain contact information of all Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information,” the report states.

“Some Okta employee information was also included in these reports. This contact information does not include user credentials or sensitive personal data.”

Via BleepingComputer
