Digital identity software vendor Okta says data on all users of its customer support service was exposed in a recent cyberattack. The attack, disclosed last month, was the latest in a series of breaches to have impacted the company.
Okta notified customers on Tuesday that the hackers behind the attack downloaded a report that contained the names and email addresses of all clients that use its customer support system. It had previously said that only 1% of its users were impacted by the incident, but this number now seems likely to be much higher. The company works with 17,000 clients, managing 50 billion users.
The massive impact of the Okta cyberattack
It has not been disclosed which cybercriminals are behind the Okta attack, but it is thought they used stolen credentials to gain access to its support case management system.
An Okta statement released at the time of the breach said: “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.”
The hackers are said to have carried out their attack using HTTP Archive (HAR) files, which allow support teams to troubleshoot technical issues by replicating browser activity. Okta said it often asks its clients to upload HAR files as part of support requests, and that these “can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users”.
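An added example, not from the article or from Okta: a small sanitizer that redacts the cookies and session tokens described above before a HAR file is shared with a support team. Field names follow the HAR 1.2 layout; the name pattern, the `REDACTED` marker and the choice to blank all bodies are assumptions, and the sample capture is constructed.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Assumed pattern for secret-bearing header/cookie/parameter names; extend as needed.
SENSITIVE_NAME = re.compile(r"cookie|authorization|token|session|sid|secret|passw|saml", re.I)

def _scrub(pairs, always=False):
    """Redact values in a HAR name/value list and return how many were changed."""
    hits = 0
    for item in pairs or []:
        if always or SENSITIVE_NAME.search(item.get("name", "")):
            item["value"] = REDACTED
            hits += 1
    return hits

def _scrub_url(url):
    """Redact sensitive query parameters that are repeated inside request.url."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE_NAME.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy of a parsed HAR, number of redacted values)."""
    har = copy.deepcopy(har)
    hits = 0
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"] = _scrub_url(req.get("url", ""))
        for msg in (req, resp, req.get("postData") or {}):
            for field in ("headers", "cookies", "queryString", "params"):
                hits += _scrub(msg.get(field), always=(field == "cookies"))
        # Bodies can embed tokens in JSON, HTML or form data, so drop them wholesale.
        for body in (req.get("postData"), resp.get("content")):
            if body and "text" in body:
                body["text"] = REDACTED
                hits += 1
    return har, hits

# Constructed sample capture (not real data).
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://app.example.test/me?sessionToken=abc123",
                "headers": [{"name": "Cookie", "value": "sid=abc123"},
                            {"name": "Accept", "value": "text/html"}],
                "queryString": [{"name": "sessionToken", "value": "abc123"}]},
    "response": {"cookies": [{"name": "sid", "value": "def456"}],
                 "content": {"text": "<html>token=def456</html>"}}}]}}
```

Load a capture with `json.load`, pass it to `sanitize_har`, and review the output by hand before uploading, since name-based redaction can miss application-specific secrets.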
Okta customers have been notified that their data may have been exposed. “While we do not have direct knowledge or evidence that this information is being actively exploited, we have notified all our customers that this file is an increased security risk of phishing and social engineering,” a company spokesperson said.
Okta’s security issues can lead to supply chain attacks
With its software deployed by some of the world’s biggest companies, including Microsoft, Okta is a common target for hackers because compromising its systems could open the door for software supply chain attacks, which allow hackers to access the networks of the vendor’s customers.
Last year, Okta suffered four significant cyberattacks, the most high-profile of which came as part of a crime spree perpetrated by hacking gang Lapsus$, which posted screenshots of breached Okta systems to Telegram.
As reported by Tech Monitor, this most recent attack has already had a knock-on effect on some of Okta’s clients. Password management service 1Password said in October it had detected “suspicious activity” on its network stemming from one of its Okta instances. But it claimed it was able to contain the problem before any sensitive information was compromised.