The recent data breach at Okta affects more customers than the authentication and identity specialist initially thought. Further analysis of all the hackers’ actions reveals that data from all end users of the Okta customer support ticketing system was stolen.
Okta announced in October this year that hackers had managed to penetrate its customer support ticket system and were able to capture data from it. Specifically, this involved certain recordings of browser activity, so-called HAR files. From the data in these files, the hackers were able to extract cookies and session tokens, which were then misused for spoofing or so-called session hijacking attacks.
Initially, the attack reportedly affected five customers, including 1Password, BeyondTrust and Cloudflare. This was later expanded to 134 customers.
Data of all end users stolen
Okta now reports that the hackers captured the data of all end users of its customer support ticket system. The breach mainly involves contact data, i.e. full names and e-mail addresses. Sensitive data such as login information and other personal data were not accessed, according to Okta.
In its statement, Okta says that further analysis of the hackers’ actions in the Okta systems allowed it to give more details. This analysis showed that one file the hackers had stolen was larger than all the others. This file was eventually found to contain the data of all end users of Okta’s customer support ticketing system.
In addition, the authentication and identity specialist discovered that other reports and support cases the hackers accessed also contained information from all Okta-certified end users and some Okta Customer Identity Cloud (CIC) customer contacts. The company also discovered that some data of Okta employees was stolen.
Action to be taken
Okta is urging customers to be alert to phishing attacks in the coming period. In addition, the company recommends applying MFA, Admin Session Binding and Admin Session Timeout.
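The HAR files mentioned above record complete requests and responses, which is why cookies and session tokens could be recovered from them. The following is an added example, not code from Okta or from this article, of scrubbing a HAR capture before it is attached to a support ticket. It assumes the standard HAR 1.2 JSON layout; the parameter-name hints and the sample capture are constructed for illustration.

```python
# Header names whose values carry session material in a HAR capture.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumed hints that mark a query/form parameter as secret; extend per application.
SENSITIVE_PARAM_HINTS = ("token", "session", "sid", "code", "password", "secret", "key")
REDACTED = "[REDACTED]"

# Constructed sample capture (not real traffic).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://support.example.test/case?id=42&session_token=abc123",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"},
                            {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "id", "value": "42"},
                                {"name": "session_token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}],
                 "content": {"mimeType": "application/json",
                             "text": "{\"access_token\": \"xyz\"}"}},
}]}}

def _scrub(pairs, is_sensitive):
    """Redact the value of each {name, value} pair with a sensitive name; return the count."""
    hits = [p for p in pairs or [] if is_sensitive(p.get("name", ""))]
    for p in hits:
        p["value"] = REDACTED
    return len(hits)

def _secret_param(name):
    return any(hint in name.lower() for hint in SENSITIVE_PARAM_HINTS)

def sanitize_har(har):
    """Redact credentials in a parsed HAR dict in place; return how many values were redacted."""
    n = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            n += _scrub(msg.get("headers"), lambda h: h.lower() in SENSITIVE_HEADERS)
            n += _scrub(msg.get("cookies"), lambda _name: True)  # every cookie value
        req = entry.get("request", {})
        n += _scrub(req.get("queryString"), _secret_param)
        n += _scrub(req.get("postData", {}).get("params"), _secret_param)
        if "?" in req.get("url", ""):  # the URL repeats the query string verbatim
            req["url"] = req["url"].split("?", 1)[0] + "?" + REDACTED
            n += 1
        # Raw request and response bodies can embed tokens (e.g. JSON login replies).
        for body in (req.get("postData", {}), entry.get("response", {}).get("content", {})):
            if "text" in body:
                body["text"] = REDACTED
                n += 1
    return n
```

Load the capture with `json.load`, call `sanitize_har` on it, and write the result back out with `json.dump` before sharing it.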