Okta data breach far worse than previously reported: Hackers stole all customer support data
Okta, a cybersecurity firm tasked with protecting organizations from cyber threats, continues to be plagued by the consequences of the cyberattack that took place in October. The company now struggles to overcome the lingering impacts of the incident, following revelations that shed light on the severity of the data breach.
In a blog post released on Wednesday, David Bradbury, Okta’s chief security officer, revealed that the extent of the October data breach was more severe than initially reported. Contrary to the previous statement indicating that only 1% of users in its customer support system were affected, Bradbury disclosed that the personal information of every user in the system was compromised.
According to Okta, the threat actor managed to run and download a report containing the names and email addresses of all customer support system users. The impact extends to all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers, excluding those in the FedRamp High and DoD IL4 environments, which operate on a separate support system not accessed by the threat actor. The incident did not affect the Auth0/CIC support case management system.
“We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users. All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident.” – Okta wrote.
In a letter addressed to customers, Okta revealed that during the security incident in mid-October, threat actors gained access to data on every client in the company’s customer service database. This includes names, email addresses, and details of some Okta employees.
This disclosure marks a significant shift from Okta’s previous statement on November 3rd, where the company claimed that only 184 out of its numerous customers were impacted by the breach.
Adding to the concerns, just a month ago a report indicated that Okta faced another security incident in October. During this incident, hackers targeted a third-party vendor, resulting in the unauthorized access and theft of personal information belonging to 5,000 Okta employees.
While Okta may not be a household name, it plays a critical role in the cybersecurity systems of major corporations. The identity management company serves over 18,000 customers, including major organizations, educational institutions, and government agencies, offering a single login point for various platforms used by many organizations. For instance, Zoom utilizes Okta to provide seamless access to Google Workspace, ServiceNow, VMware, and Workday platforms.
Founded in 2009 by Todd McKinnon and Frederic Kerrest, Okta is a cybersecurity firm renowned for delivering identity and access management solutions, facilitating secure and seamless access to various digital services and platforms for organizations.