Okta Breach Widens to Affect 100% of Customer Base

Published: 23/11/2024   Category: security




Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them.



Update: this article has been edited for clarity to more accurately detail the types of customer data potentially compromised by the Okta breach.
Identity access management vendor Okta has released an update following an investigation into a hack this fall on its systems, revising the number of impacted customers up from less than 1% to a staggering 100%.
A blog post dated Nov. 29 from Okta chief security officer David Bradbury explained that an analysis of a breach from September revealed that an unauthorized user was able to run a report on Sept. 28 containing data on every user of Okta's customer support system. The stolen database could have contained the following customer data: created date, last login, full name, username, email, company name, user type, address, date of last password change or reset, role (name), role (description), phone, mobile, time zone, contact information, user name, role description, and SAML federation ID. This type of information could be useful to threat actors in launching social engineering attacks, like the ones that leveraged Okta to breach MGM Resorts and Caesars Entertainment.
Thus, Okta is warning all of its customers to be prepared for similar phishing and social engineering cyber-scams.
"Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering attacks directed at these users," Bradbury wrote. "While 94% of Okta customers already require MFA [multifactor authentication] for their administrators, we recommend all Okta customers employ MFA and consider the use of phishing-resistant authenticators to further enhance their security."
The company added that it does not have any evidence the compromised Okta customer data is being actively exploited yet, however. Even so, cybersecurity experts advise Okta customers to focus on cybersecurity best practices, including user training.
"What is needed to secure Okta customers is a focus on best practices; for example, 6% of their users do not have multifactor authentication enabled," says Viakoo CEO Bud Broomhead. "Likewise, setting session timeouts or requiring reauthentication for sessions from a new IP address should be done across all Okta users."
That bit of bad news for Okta customers was tempered by another piece of data out of Okta on Nov. 29. According to its latest quarterly financial report, the company announced that it has seen a more than 20% increase in revenues. The bottom-line growth increase is marked for the quarter ending Oct. 31, the same quarter Okta's systems were used in high-profile breaches of MGM and Caesars.
"Our Q3 performance was highlighted by solid top-line growth, record non-GAAP operating profit, and record free cash flow," Todd McKinnon, CEO and co-founder of Okta, said in a statement about the company's earnings. "We are particularly enthusiastic about the adoption of Okta Identity Governance and the general availability of Okta Privileged Access, which uniquely positions us as the only unified modern identity platform. Over 18,800 leading organizations around the world put their trust in Okta and we are thankful for their continued partnership."
The news of the leaked customer data did drive down Okta stock prices when it happened, but the investor fallout appears to be hovering in the single digits.
That said, the time lag for sales revenues to be impacted by major cyber incidents like the ones Okta has experienced should be taken into account when analyzing whether the breach impacted the brand, according to Jasson Casey, CEO of Beyond Identity.
"The sales cycle for midmarket customers is typically three to four months, while the enterprise sales cycle can be six-plus months," Casey tells Dark Reading. "Revenue numbers being reported today don't reflect the market's processing and intake of the latest news."
However, Casey tells Dark Reading that personally, he's seeing a market shift away from Okta.
"Anecdotally, we're seeing a large number of companies actively search for migration pathways from Okta to other SSO [single sign-on] platforms due to the continued string of news related to Okta security practices," he adds. "Okta has a hard road in front of them to convince the mid/enterprise market that security is a foundational principle given their continued missteps over the last two years."
Okta declined to comment on customer reactions to the compromise.
