Nov 29, 2023 - Technology

Okta says nearly all customers affected in October breach, not 1%

Okta, a popular identity management tool, said Wednesday that a recent breach of its customer support service actually affected all of its users.

Why it matters: Okta originally told customers in October that the breach only affected less than 1% of users.

Driving the news: Okta Chief Security Officer David Bradbury said in a blog post published overnight that its initial investigation into the incident missed actions that indicate that all Okta certified users were affected during the October attack.

  • The yet-to-be-identified hackers are now believed to have accessed the names, email addresses and other contact information for all Okta customer support users — which includes a large number of company administrators.
  • Some Okta employee information was also exposed in the breach, Bradbury added.

The big picture: This is just the latest major cybersecurity incident Okta has faced in the last two years, and the company counts Fortune 500 companies, government agencies and even high-value AI startups as clients.

Catch up quick: Okta said last month that unknown threat actors had accessed support files for roughly 134 customers, or less than 1% of its customer base.

  • Those support files included cookies and session tokens that malicious actors could use to hijack Okta customers' sessions.

Details: Okta said Wednesday that the company recently decided to recreate the reports that the threat actors ran and appeared to access on its systems.

  • During that exercise, Okta found that "the file size of one particular report downloaded by the threat actor was larger than the file generated during our initial investigation" that concluded earlier this month.
  • That larger file included a list of all of Okta's customer support customers.

Yes, but: Okta said the only customers who weren't affected are those who need to comply with the U.S. government's FedRAMP program and the Defense Department's IL4 requirements.

  • Their customer support service exists in a different environment, Okta noted.

What we're watching: Okta has yet to say who it believes was behind the attack and how it plans to safeguard against similar attacks in the future.

Be smart: Okta warned that hackers could weaponize the stolen contact information in phishing attacks.

  • The company recommended that Okta administrators ensure they've enabled multi-factor authentication on their accounts.