Date: 2023-11-29

US access and identity management giant Okta says hackers stole data from all of its customers during a recent breach of its support systems, despite previously saying only a small number of customers were affected.

Okta confirmed in October that a hacker had used stolen credentials to access its support case management system and steal customer-uploaded session tokens that could be used to break into Okta customers’ networks. Okta told TechCrunch at the time that about 1% of customers, or 134 organizations, were affected by the breach.

In a blog post published Wednesday, Okta’s chief security officer David Bradbury said the company has determined that all of its customers are affected by the breach. Okta spokesperson Kat Sherman didn’t provide any exact figures when asked by TechCrunch, but according to the company’s website, Okta has about 18,000 customers, including 1Password, Cloudflare, OpenAI, and T-Mobile.

Bradbury said that on September 28, a hacker ran and downloaded a report that contained data related to “all Okta customer support system users.” According to Okta, for 99.6% of customers, hackers only accessed full names and email addresses, although in some cases they may also have had access to phone numbers, usernames, and details of some employee roles.

Bradbury said, “While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that a threat actor could use this information to impersonate Okta customers through phishing or social engineering attacks.” The infamous Scattered Spider hacking group, also known as Oktapus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.

Okta is advising all customers to use multi-factor authentication and phishing-resistant authenticators such as physical security keys.

Okta says its follow-up analysis also determined that the threat actor accessed “additional reports and support cases” containing contact information for all Okta-authenticated users and certain Okta Customer Identity Cloud (CIC) customer contacts. These reports also included information from some Okta employees, but the company has not confirmed how many of its 6,000 employees are affected.

Okta says none of its government customers were affected by the breach, and said its Auth0 support case management system was not affected.

The identity of the threat actors behind the most recent breach of Okta’s systems is not yet known.

This is the latest of several security incidents affecting Okta. Last year, the company admitted that hackers had stolen some of its source code. In a separate incident earlier in the year, hackers posted screenshots showing access to the company’s internal network after hacking a company Okta used for customer service.

Source: techcrunch.com