Okta Says Hackers Stole Data for All Customer Support Users
Views: 2512
2023-11-29 11:25
Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users

Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.

The company notified customers in a letter Tuesday that it has now determined the hackers downloaded a report containing data including names and email addresses for all clients that use its customer support system. As a result, Okta warned customers that they may face an increased risk of attacks and urged them to use strong multifactor authentication.

“While we have not seen direct evidence that the threat actor is using this list to launch phishing attacks against support system users,” the company said to customers, “phishing attacks are a constant threat.” Okta, which manages user authentication services for thousands of corporate clients, didn’t immediately provide comment.

Okta’s shares plunged last month after the San Francisco-based company disclosed that hackers had used a stolen credential to access its support system. At the time, a company spokesman estimated that about 184 clients, representing roughly 1% of the Okta’s customers, were affected. It wasn’t the first time Okta had been breached. The company disclosed last year that a hacking group had broken into its system after the gang posted screenshots that appeared to show access to Okta accounts.

The company said in its letter to customers that a recent audit found more data was stolen than it initially thought, prompting it to revise its findings. The firm also discovered that some Okta employee information was included in stolen reports, according to the customer notice reviewed by Bloomberg.

The customer report contained fields for customer user names, company names and mobile phone numbers, Okta said, while noting that the majority of the fields were blank and didn’t include credentials or sensitive personal data. For more than 99% of customers listed in the report, Okta said, the only contact information stolen were full names and email addresses.

Read More: Okta Falls on News That Hackers Viewed Some Customer Files

Many of the affected users of the customer support system are Okta administrators, according to the company’s notice.

Okta is scheduled to report earnings on Wednesday. The company said in its notice to customers that it would publicly disclose the new details on the same day.

Tags alltop law tmt wwtop gen cos business top tec internet wwtopam industries okta us