Okta underestimated hack: not one percent but entire customer database stolen

The recent data breach at Okta affects more customers than the authentication and identity specialist initially thought. Further analysis of all the hackers’ actions reveals that data from all end users of the Okta customer support ticketing system was stolen.

Okta announced in October this year that hackers managed to penetrate its customer support ticket system and could capture data from it. Specifically, this involved certain recordings of browser activity, so-called HAR files. From the data in these files, the hackers were able to get cookies and session tokens that were then misused for spoofing or so-called session hacking attacks.

Initially, the attack reportedly affected five customers, including 1Password, BeyondTrust and Cloudflare. This was later expanded to 134 customers.

Also read: Okta reports data theft from customer service ticket system -update

Data of all end users stolen

Okta now reports that the hackers captured the data of all end users of its customer support ticket system. The breach mainly involves contact data, i.e. full names and e-mail addresses. Sensitive data such as login information and other personal data were not accessed, according to Okta.

Further analyses

In the statement, Okta describes it could give more details through further analysis of the hackers’ actions in the Okta systems. This showed that one file the hackers had stolen was larger than all the others. This file was eventually found to contain the data of all end users of Okta’s customer support ticketing system.

In addition, the authentication and identity specialist discovered that other reports and support cases the hackers accessed also contained information from all Okta-certified end users and some Okta Customer Identity Cloud (CIC) customer contacts. They also discovered some data of Okta employees was stolen.

Action to be taken

Okta is urging customers to be alert on phishing attacks in the coming period. In addition, the company recommends applying MFA, Admin Session Binding and Admin Session Timeout.

Okta underestimated hack: not one percent but entire customer database stolen

Data of all end users stolen

Further analyses

Action to be taken

Stay tuned, subscribe!

Oracle introduces AI Agent Studio for Fusion Cloud Applications

Nvidia GTC 2025 roundup: Blackwell Ultra, HPE, Cisco and more

Cohesity buys Veritas unit for nearly 3 billion dollars

Commvault Cloud shifts to cyber resilience

Cohesity CTO: New vaccines needed for the EU ransomware pandemic

Is Microsoft stealing backup vendors’ lunch with Microsoft 365 Backup?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices

Are you data and AI ready?

Technology 2023: Four areas of focus

GovKube 25

IT Master in één Dag

Atlassian Team ’25

VeeamON 2025

GITEX ASIA

SAS Innovate 2025

Cloud Account Executive – Slack

AI & Data Architect

Senior Account Solution Architect