Okta, which describes itself as the World’s Identity company and the leading independent identity partner, previously disclosed a breach in October 2023. In this breach, a threat actor was able to leverage a compromised credential to gain access to the Okta customer support system. From September 28th, 2023 to October 17th, 2023, the threat actor was able to access files associated with 134 Okta customers, or less than 1% of Okta customers. Okta have notified affected customers, which mainly consist of those who had recently created support tickets.
In continued efforts to understand and recreate the breach, the Okta security team have reviewed their initial analysis. As a result of this review, Okta have now expanded the list of impacted customers to ALL of their customer support system users. Current analysis suggests that the threat actor was not able to access the distinct support environment for the FedRAMP High and DoD IL4 customers (presumably military and government customers).
The threat actor was able to run a report which returned results for all customer support users. This report may have included the name, email address, phone, mobile phone, date of last password change, and associated company information.
Okta security itself notes that most of the fields returned were blank for the majority of users and did not contain credentials or other sensitive personal data.
While the results didn’t include credentials, they could still be a gold mine for targeted phishing attacks or for identifying users who may have had credentials exposed in other unrelated breaches.
Okta recommends that all customers enable Multi-Factor Authentication and generally be aware of phishing attempts against their employees and vendors. The World’s leading Identity company also doesn’t miss an opportunity to plug their own phishing mitigation methods and services.
Okta have published an official timeline for this security event on their security blog.