customer support users told their info was accessed after analysis oversight
Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.
Chief security officer David Bradbury originally said earlier this month that according to the company’s root cause analysis, the files of just 134 Okta customers – less than 1 percent of the total – were accessed by attackers.
An update published this morning instead revealed that data related to every single Okta customer support system user was accessed.
For 99.6 percent of customers, the only data accessed was the full name and email address, because many of the data fields the attackers scanned for were blank in Okta's records. The data types included in the reports run by the attackers are below. User credentials and sensitive personal data were not included.
"While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks," said Bradbury.
"Okta customers sign in to Okta's customer support system with the same accounts they use in their own Okta org. Many users of the customer support system are Okta administrators. It is critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system, but also to secure access to their Okta admin console(s).
"Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering attacks directed at these users.
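To act on the MFA advice quoted above, here is an added example (not Okta's own code or tooling) that audits an Okta org for administrators who have no active MFA factor enrolled. It assumes the documented Okta Management API endpoints for users, roles and factors, an SSWS API token, and no pagination (orgs with more than one page of users would need to follow the `Link` headers); the sample data is constructed so the audit logic runs offline.

```python
import json
import urllib.request
from typing import Callable

# Assumed endpoints (Okta Management API):
#   GET /api/v1/users?filter=status eq "ACTIVE"
#   GET /api/v1/users/{id}/roles     -> admin role assignments
#   GET /api/v1/users/{id}/factors   -> enrolled factors
# A fetcher is injected so the audit logic can run against constructed data.
Fetcher = Callable[[str], list]

def okta_fetcher(org_url: str, api_token: str) -> Fetcher:
    """Return a fetcher that performs authenticated GETs against one org."""
    def fetch(path: str) -> list:
        req = urllib.request.Request(
            org_url.rstrip("/") + path,
            headers={"Authorization": f"SSWS {api_token}",
                     "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch

def admins_without_active_mfa(fetch: Fetcher) -> list:
    """Active users holding any admin role but no ACTIVE non-password factor."""
    findings = []
    for user in fetch("/api/v1/users?filter=status%20eq%20%22ACTIVE%22"):
        uid = user["id"]
        roles = fetch(f"/api/v1/users/{uid}/roles")
        if not roles:
            continue  # not an administrator, out of scope for this check
        factors = fetch(f"/api/v1/users/{uid}/factors")
        has_mfa = any(f.get("status") == "ACTIVE" and f.get("factorType") != "password"
                      for f in factors)
        if not has_mfa:
            findings.append({"login": user["profile"]["login"],
                             "roles": [r["type"] for r in roles]})
    return findings

# Constructed sample responses standing in for the API, for offline use.
SAMPLE = {
    "/api/v1/users?filter=status%20eq%20%22ACTIVE%22": [
        {"id": "u1", "profile": {"login": "alice@example.com"}},
        {"id": "u2", "profile": {"login": "bob@example.com"}},
        {"id": "u3", "profile": {"login": "carol@example.com"}}],
    "/api/v1/users/u1/roles": [{"type": "SUPER_ADMIN"}],
    "/api/v1/users/u1/factors": [{"factorType": "token:software:totp", "status": "ACTIVE"}],
    "/api/v1/users/u2/roles": [{"type": "ORG_ADMIN"}],
    "/api/v1/users/u2/factors": [{"factorType": "sms", "status": "PENDING_ACTIVATION"}],
    "/api/v1/users/u3/roles": [],
    "/api/v1/users/u3/factors": []}

def sample_fetch(path: str) -> list:
    return SAMPLE[path]

if __name__ == "__main__":
    for finding in admins_without_active_mfa(sample_fetch):
        print(finding)  # bob@example.com: ORG_ADMIN with only a pending SMS factor
```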