Security News > 2023 > November > Okta data breach dilemma dwarfs earlier estimates
Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.
In the process of figuring out how the mistake came to be, it also identified additional reports accessed by the attackers, including employee information and the contact details of all Okta certified users and some Okta Customer Identity Cloud customers.
At the end of August, it disclosed a case involving attackers attributed to the Scattered Spider group - thought to be an AlphV/BlackCat ransomware affiliate - phishing Okta customers en masse to gain super admin access to Okta tenants.
Okta's customer support system breach was announced, an incident in which attackers made off with HAR files to replicate genuine customer sessions.
On November 2, the data of just shy of 5,000 current and former Okta employees was exposed to attackers, although this attack was carried out on a third-party provider, Rightway Healthcare, so there's not much Okta could have done to intervene.
Okta is due to release its quarterly earnings later today, a little more than a month after the October breach caused its stock price to plummet.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/29/okta_misjudged_breach_scale/
Related news
- Free, France’s second largest ISP, confirms data breach after leak (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- How to Effectively Manage a Data Breach (source)
- Amazon confirms employee data breach after vendor hack (source)
- HIBP notifies 57 million people of Hot Topic data breach (source)
- US space tech giant Maxar discloses employee data breach (source)
- Fintech giant Finastra investigates data breach after SFTP hack (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Texas Tech University System data breach impacts 1.4 million patients (source)