Okta data breach dilemma dwarfs earlier estimates
Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.
In the process of figuring out how the mistake came to be, it also identified additional reports accessed by the attackers, including employee information and the contact details of all Okta certified users and some Okta Customer Identity Cloud customers.
At the end of August, it disclosed a case involving attackers attributed to the Scattered Spider group - thought to be an AlphV/BlackCat ransomware affiliate - phishing Okta customers en masse to gain super admin access to Okta tenants.
Okta's customer support system breach was then announced, an incident in which attackers made off with HAR files to replicate genuine customer sessions.
On November 2, the data of just shy of 5,000 current and former Okta employees was exposed to attackers, although this attack was carried out on a third-party provider, Rightway Healthcare, so there's not much Okta could have done to intervene.
Okta is due to release its quarterly earnings later today, a little more than a month after the October breach caused its stock price to plummet.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/29/okta_misjudged_breach_scale/