Okta Says Hacker Stole Every Customer Support User’s Details

Beware of Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns

Okta, the identity and authentication giant, said the attacker behind its September data breach stole more information than the company first determined. That includes details for all users of its primary customer support system.

Okta first publicly confirmed the breach on Nov. 3, warning that attackers had gained access to its customer support management system and stolen sensitive information uploaded by 134 customers.

An updated data breach notification released Wednesday revealed that Okta had recently discovered the attacker stole much more data, including a complete list of customer support system users’ usernames and contact details.

Investigators don’t believe the attacker stole any “user credentials or sensitive personal data.” However, the theft significantly increases the risk that users, particularly admins, will be targeted by phishing or other social engineering attacks aimed at obtaining those credentials.

In light of the data theft, anyone using Okta admin accounts should ensure that they are protected by multifactor authentication. According to Okta, “We recommend all Okta customers employ MFA and consider the use of phishing-resistant authenticators to further enhance their security,” such as Okta Verify FastPass, FIDO2 WebAuthn, or PIV or CAC smart cards.

This recent revelation highlights not just the need for MFA but also how the fallout from one breach can spiral, as cybercriminals use relatively low-value information as a stepping stone to more valuable credentials and access.

If you have questions about how multifactor authentication and phishing training can help secure your data, call ITPAC today.