Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Hub Image

IOTW: Okta data breach affects all customer support users

Exposed data increases risk of phishing and social engineering attacks

Add bookmark
Michael Hill
Michael Hill
12/01/2023
hands on a laptop keyboard

Okta has revealed that hackers stole information on all users of its customer support system in a network breach. In a written statement published this week, the firm’s CSO, David Bradbury, said that Okta has determined that a threat actor ran and downloaded a report containing the names and email addresses of all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers. Customers in Okta’s FedRamp High and DoD IL4 environments have not been affected, Bradbury claimed.

Okta first disclosed the breach, which occurred in late September, last month. Originally, the San Francisco-based identity and access management company said that only a certain number of customers (134) were affected. The latest information indicates that Okta underestimated the extent of the breach, although the exposed data does not include user credentials or sensitive personal information, according to Bradbury. “For 99.6 percent of users in the report, the only contact information recorded is full name and email address,” he said.

Reports downloaded by threat actor larger than initially thought

Following its disclosure of the breach on November 3, Okta’s security department reviewed its initial analysis of the actions that the threat actor performed, including manually recreating the reports that the threat actor ran within the customer support system, Bradbury’s statement read. “We identified that the file size of one particular report downloaded by the threat actor was larger than the file generated during our initial investigation. After additional analysis, we concluded that the report contained a list of all customer support system users.”

The discrepancy in its initial analysis stems from the threat actor running an unfiltered view of the report, Bradbury stated. A later review identified that if the filters were removed from the templated report, the downloaded file was considerably larger. Okta also identified additional reports and support cases that the threat actor accessed, which contain contact information of all Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts, along with other information. Some Okta employee information was also included in these reports.

Okta is continuing to work with a third-party digital forensics firm to validate its findings and will share the report with customers upon completion.

Exposed data increases risk of phishing and social engineering attacks

Given that names and email addresses were downloaded, Okta assessed that there is an increased risk of phishing and social engineering attacks directed at impacted users. “While 94 percent of Okta customers already require multi-factor authentication (MFA) for their administrators, we recommend ALL Okta customers employ MFA and consider the use of phishing resistant authenticators to further enhance their security,” Bradbury said.

Okta customers are advised to take the following actions to defend against potential attacks that target their Okta administrators:

  • Secure admin access using MFA at a minimum, enroll administrative users in phishing resistant authenticators and enforce phishing resistance for access to all administrative applications.
  • Enable the Early Access feature in Okta that requires admins to reauthenticate if their session is reused from an IP address with a different autonomous system number (ASN).
  • Use new Okta Admin Console timeouts that will be set to a default of a 12-hour session duration and a 15-minute idle time.
  • Be vigilant of phishing attempts that target employees and be especially wary of social engineering attempts that target IT help desks and related service providers.

Data breach proves even robust security systems can be vulnerable

The Okta breach proves that even robust security systems can be vulnerable, Callie Guenther, senior manager, cyber threat research at cyber security company Critical Start, tells Cyber Security Hub. “This incident highlights the ongoing challenges in cyber security and the importance of continuous vigilance, especially in identity and access management, which is a critical part of an organization’s security posture.”

With user information, attackers can craft more convincing phishing emails or social engineering campaigns, Guenther adds. “Organizations using Okta services may see an uptick in such activities.”

This is not Okta’s first security challenge. Last year, the firm carried out an investigation into a compromise of one of its third-party vendors. It found that a threat actor accessed two active customer tenants within Okta’s SuperUser application, viewing limited additional information in certain other applications like Slack and Jira.

Report: 'Diagnosing Disaster: How To Recover From An Attack'

This report on incident response and recovery offers pivoting strategies and identifies top internal and external challenges for security teams.

Learn More

 

Tags: data breach cyber attack cyber security

More From Incident of the Week

IOTW: Victoria Court recordings exposed in suspected ransomware attack

Unauthorized access disrupted audio visual in-court technology network impacting video recordings, a...

2024-01-05 by Michael Hill
IOTW: Xfinity data breach impacts 35 million customers

Exposed data includes usernames, hashed passwords and social security numbers

2023-12-22 by Michael Hill
IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

Powerful attack knocked out internet access and mobile communications, damaging IT infrastructure

2023-12-15 by Michael Hill
IOTW: HTC confirms cyber attack as BlackCat ransomware gang teases stolen data

BlackCat/ALPHV ransomware group leaked photos of what appears to be stolen passports, contact lists,...

2023-12-08 by Michael Hill
IOTW: Data breach exposes sensitive information of Canadian Government employees

The Canadian government has disclosed a data breach after contractor hacks exposed information datin...

2023-11-24 by Michael Hill
Go To Hub

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy