Okta Reveals Broader Impact From Support System Breach
The company says that the names and email addresses of all support customers were downloaded by attackers.
Okta disclosed Wednesday that its recent support system breach included the theft of all support customer names and emails.
The newly revealed details indicate that the impact of attack was significantly broader than previously realized. Okta previously said that an attacker accessed files belonging to 134 customers between Sept. 28 and Oct. 17, representing less than 1 percent of Okta’s customers.
[Related: Okta Could See Hit To Its Reputation After Second Major Breach In Two Years: Analysts]
Following a report from Bloomberg Tuesday, Okta published an updated disclosure about the incident from Chief Security Officer David Bradbury, which said the identity management company has been “re-examining the actions that the threat actor performed.”
As a result, “we have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users,” Bradbury wrote.
Crucially, however, user credentials and other sensitive data were not included in the report downloaded by attackers, Bradbury wrote.
“The majority of the fields in the report are blank and the report does not include user credentials or sensitive personal data,” he wrote. “For 99.6% of users in the report, the only contact information recorded is full name and email address.”
While Okta has no “direct knowledge or evidence that this information is being actively exploited,” the company is warning about the potential for increased phishing attacks, Bradbury said.
“Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering attacks directed at these users,” he wrote, recommending that users implement multifactor authentication if they haven’t already done so.
Okta’s stock price was down 6 percent to $68.50 a share as of this writing Wednesday morning.