Representatives of Okta were lying about the scale of the data leak: everything turned out to be much more serious

Brother

The disclosure of details of the recent hack highlights the risks for administrators and ordinary users.

On October 20, 2023, it became known that there had been a major penetration into the customer support system of Okta, a company specializing in identity and authentication.

The attackers had access to Okta's client access management system since late September of this year, which allowed them to steal authentication tokens from some clients and make changes to their accounts, such as adding or changing authorized users.

The penetration itself, according to official information, was caused by the actions of an Okta employee who saved the login credentials for a privileged account in his personal Google account. Presumably, this data was stolen when the employee's personal device was compromised.

Initially, it was reported that hackers gained access only to the data of 134 customers out of 18 thousand, which is less than 1% of the entire customer base. However, on November 29, Okta representatives updated the information, saying that the attackers also stole the names and email addresses of all users registered in the customer support system, including many Okta administrators responsible for integrating the company's authentication technology into client environments.

Okta reported that for almost 97 percent of users, the only contact information stolen was their full name and email address. However, for the remaining three percent of accounts, one or more of the following data fields were disclosed (in addition to the name and email address): last login; user name; phone number; SAML ID; company name; job role; user type; date of last password change or password reset.

The company claims that 6% of its customers (more than 1,000) still continue to use administrator accounts without multi-factor authentication (MFA), which was a fatal error that also led to compromise. Okta emphasizes the need to use MFA to securely protect their accounts.

Third-party security experts who commented on the Okta hack also pointed out the need for additional access control measures, including restrictions on IP addresses and regular updating of access tokens. In addition, it is extremely important to prevent employees from using personal accounts on their work devices in order to avoid repeating such situations.
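The two recommendations above (MFA on every administrator account, and ongoing review of who holds privileged access) are the kind of thing a tenant administrator can check for themselves rather than wait for the vendor's statistics. The following is an added example, not code from the original post or from Okta: a small offline audit that takes per-user role and factor records, flags administrators with no active MFA or with only phishable factors (SMS, voice call, email, security question), and reports the share of admins without MFA, the same figure the post quotes for Okta's customer base. The record shapes are modelled on how I understand Okta's list-roles and list-factors API responses (`type`/`status` on a role, `factorType`/`status` on a factor), and the admin role names are taken from memory; treat both as assumptions and adapt them to what your own API calls return. The sample users are constructed.

```python
"""Audit admin accounts for missing or weak MFA (added example, not Okta's code).

Assumptions (verify against your own API output):
  - each user record carries "roles": list of {"type": ..., "status": ...}
  - each user record carries "factors": list of {"factorType": ..., "status": ...}
  - a role or factor counts only when its status is "ACTIVE"
"""
from dataclasses import dataclass

# Role types that grant administrative power. Assumed set; extend from your tenant.
ADMIN_ROLE_TYPES = {
    "SUPER_ADMIN", "ORG_ADMIN", "APP_ADMIN", "USER_ADMIN",
    "GROUP_ADMIN", "HELP_DESK_ADMIN", "READ_ONLY_ADMIN",
}

# Factors that satisfy MFA but are phishable or SIM-swappable; flagged separately.
WEAK_FACTORS = {"sms", "call", "email", "question"}


@dataclass
class Finding:
    login: str
    roles: list          # active admin role types held by the user
    active_factors: list # factor types that are enrolled and ACTIVE
    verdict: str         # "no_mfa", "weak_mfa_only" or "ok"


def active_admin_roles(roles):
    """Return the active admin role types in a user's role list."""
    return sorted(r.get("type") for r in roles
                  if r.get("status") == "ACTIVE" and r.get("type") in ADMIN_ROLE_TYPES)


def classify_factors(factors):
    """Decide whether the user's ACTIVE factors constitute acceptable MFA."""
    active = sorted(f.get("factorType") for f in factors if f.get("status") == "ACTIVE")
    if not active:
        return "no_mfa", active
    if all(ft in WEAK_FACTORS for ft in active):
        return "weak_mfa_only", active
    return "ok", active


def audit(users):
    """Return one Finding per user who currently holds an admin role."""
    findings = []
    for u in users:
        roles = active_admin_roles(u.get("roles", []))
        if not roles:
            continue  # ordinary users are out of scope for this check
        verdict, active = classify_factors(u.get("factors", []))
        findings.append(Finding(u["login"], roles, active, verdict))
    return findings


def summarize(findings):
    """Counts per verdict plus the percentage of admins with no MFA at all."""
    counts = {"admins": len(findings), "no_mfa": 0, "weak_mfa_only": 0, "ok": 0}
    for f in findings:
        counts[f.verdict] += 1
    counts["pct_no_mfa"] = round(100.0 * counts["no_mfa"] / counts["admins"], 1) if findings else 0.0
    return counts


# Constructed sample data; not real accounts.
SAMPLE_USERS = [
    {"login": "alice@example.com",
     "roles": [{"type": "SUPER_ADMIN", "status": "ACTIVE"}],
     "factors": [{"factorType": "webauthn", "status": "ACTIVE"}]},
    {"login": "bob@example.com",
     "roles": [{"type": "ORG_ADMIN", "status": "ACTIVE"}],
     "factors": []},
    {"login": "carol@example.com",
     "roles": [{"type": "APP_ADMIN", "status": "ACTIVE"}],
     "factors": [{"factorType": "sms", "status": "ACTIVE"},
                 {"factorType": "token:software:totp", "status": "PENDING_ACTIVATION"}]},
    {"login": "dave@example.com", "roles": [], "factors": []},
    {"login": "erin@example.com",
     "roles": [{"type": "SUPER_ADMIN", "status": "INACTIVE"}],
     "factors": []},
]

if __name__ == "__main__":
    results = audit(SAMPLE_USERS)
    for f in results:
        print(f"{f.login:22} {','.join(f.roles):12} {f.verdict:14} factors={f.active_factors}")
    print(summarize(results))
```

Run against real data, the only change needed is to build the `users` list from your directory export or API calls; a pending (not yet activated) TOTP enrolment is deliberately not counted, because it does not protect a login, and an inactive role assignment does not make someone an admin.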