Okta Data Breach Exposes Customer Support Users

Okta’s Help Center environment experienced a data breach in October, affecting all users of the customer support system. Threat actors gained unauthorized access and obtained data from Okta’s customer support system. This data included information from all users, as well as additional reports and support cases. The breach impacted users of Okta’s Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS), except those in separate support systems such as the FedRAMP High and DoD IL4 environments.

The stolen report contained various user details such as full name, username, email, company name, user type, address, role, phone number, and more. However, Okta assured users that despite the exposure of 99.6% of users’ full names and emails, no credentials were compromised.

Notably, many of the exposed users were administrators, and 6% of them did not have multi-factor authentication (MFA) activated. Okta emphasizes the potential risks of phishing and underscores the importance of remaining vigilant against such attempts. It also highlights the need to strengthen IT Help Desk verification processes.

Okta has faced previous security incidents, including source code access in December and a laptop breach in January 2022, affecting 2.5% of customers. The Lapsus$ extortion group claimed responsibility for a previous attack, demonstrating “superuser/admin” access to Okta.com and potential access to customer data.

To enhance security against potential attacks, Okta recommends implementing MFA for admin access, using phishing-resistant methods, enabling admin session binding, setting session timeouts, and increasing awareness about phishing among users.