Microsoft, Google, Apple, Windows, Android, iOS, Internet, Cyber Security, Hacking, Malware, Smartphone, Mobile App

Trending

Okta says hackers stole data for all customer support users in cyber breach

Okta (OKTA.O) said on Tuesday that hackers stole infoharmont&blain geox sconti www.geox.it saldi air jordan 1 element benetton outlet online negozi geox più vicino geox it saldi outlet benetton harmont&blain jordan proto max 720 harmont e blaine saldi 70 benetton outlet shop online geox sconti adidas yeezy boost 350 turtle dove outlet benetton rmation on all users of its customer support system in a network breach two months ago.

The San Francisco-based company notified customers that it has determined hackers downloaded a report containing data including names and email addresses of all clients that use its customer support system, the company said in an emailed statement to Reuters.

U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected.

Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. Okta told TechCrunch at the time that around 1% of customers, or 134 organizations, were affected by the breach.

In a blog post published on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach. Okta spokesperson Cat Schermann would not provide an exact figure when asked by TechCrunch, but Okta has around 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI and T-Mobile.

Bradbury said on September 28, a hacker ran and downloaded a report that contained data belonging to “all Okt a customer support system users.” For 99.6% of customers, hackers accessed only full names and email addresses, according to O kta, though in some cases they may also have accessed phone numbers, usernames and details of some employee roles.

“While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okt a customers via phishing or social engineering attacks,” Bradbury said. The notorious Scattered Spider hacking group, also known as Okt apus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.

Okta is advising all customers to use multi-factor authentication and to use phishing-resistant authenticators, such as physical security keys.

Okta says its follow-up analysis has also determined that the threat actor accessed “additional reports and support cases” containing the contact information of all Okt a-certified users and some Okt a Customer Identity Cloud (CIC) customer contacts. Some Okta employee information was also included in these reports, but the company hasn’t confirmed how many of its 6,000 employees are affected.

Okt a says that none of its government customers are affected by the breach, and said its Auth0 support case management system was not impacted.

The identity of the threat actors behind the most recent breach of Okt a’s systems is not yet known.

This is the latest of many security incidents impacting O kta. Last year, the company admitted that hackers stole some of its source code. A separate incident earlier in the year saw hackers post screenshots showing access to the company’s internal network after hacking into a company Okta used for customer service.

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy