View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 29, 2023

Okta cyberattack exposed data of all customer support users

Having previously said only 1% of users were impacted by the breach, the digital identity vendor now believes its impact could be more widespread.

By Matthew Gooding

Digital identity software vendor Okta says data on all users of its customer support service was exposed in a recent cyberattack. The attack, disclosed last month, was the latest in a series of breaches to have impacted the company.

Okta has suffered another damaging cyberattack. (Photo by Poetra.RH/Shutterstock)

Okta notified customers on Tuesday that the hackers behind the attack downloaded a report that contained the names and email addresses of all clients that use its customer support system. It had previously said that only 1% of its users were impacted by the incident, but this number now seems likely to be much higher. The company works with 17,000 clients, managing 50 billion users.

The massive impact of Okta cyberattack

It has not been disclosed which cybercriminals are behind the Okta attack, but it is thought they used stolen credentials to gain access to its support case management system.

An Okta statement released at the time of the breach said: “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.”

The hackers are said to have carried out their attack using HTTP Archive (HAR) files, which allow support teams to troubleshoot technical issues by replicating browser activity. Okta said it often asks its clients to upload HAR files as part of support requests, and that these “can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users”.

Okta customers have been notified that their data may have been exposed. “While we do not have direct knowledge or evidence that this information is being actively exploited, we have notified all our customers that this file is an increased security risk of phishing and social engineering,” a company spokesperson said.

Okta’s security issues can lead to supply chain attacks

With its software deployed by some of the world’s biggest companies, including Microsoft, Okta is a common target for hackers because compromising its systems could open the door for software supply chain attacks, which allow hackers to access the networks of the vendor’s customers.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Last year, Okta suffered four significant cyberattacks, the most high profile coming as part of a crime spree perpetrated by hacking gang Lapsus$, which posted screenshots of breached Okta systems to Telegram.

As reported by Tech Monitor, this most recent attack has already had a knock-on effect on some of Okta’s clients. Password management service 1Password said in October it had detected “suspicious activity” on its network stemming from one of its Okta instances. But it claimed it was able to contain the problem before any sensitive information was compromised.

Read more: BlackCat claims to have hacked Sills & Betteridge

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.