OpenAI Identity Partner Okta’s Customer Data Gets Compromised in Security Breach

November 29, 2023

Okta, an American identity and access management company, confirmed on Tuesday that data belonging to all users of its customer support system was compromised during a network breach that happened two months ago.

Okta warned clients about the potential risks of attacks or phishing attempts and said that the breach didn’t affect customers within the government or Department of Defense environment.

“We are working with a digital forensics firm to support our investigation and we will be sharing the report with customers upon completion. In addition, we will also notify individuals that have had their information downloaded,” a spokesperson remarked in a statement to CNBC.

Okta has faced similar security breaches in the past

Okta offers identity management solutions to thousands of small and large businesses, enabling employee access via a single sign-on point. This makes it an attractive target for hackers seeking to exploit vulnerabilities and misconfigurations to access various targets.

In October, Okta revealed that the hackers who breached its customer support system gained unauthorized access to the information of 134 customers, and that 5 of the victims fell prey to hijacking attacks facilitated by stolen session tokens. Among the victims, 3 of them, 1Password, BeyondTrust, and Cloudflare, publicly revealed that they were affected by the breach and had notified Okta about suspicious activity involving unauthorized access to administrative login accounts.

Despite receiving alerts about session hijacking on 29 September, Okta took more than two weeks to confirm the breach in the support systems, following multiple meetings with the affected clients. The hackers used support system credentials taken from an employee’s Google profile; the employee had logged into their personal Google profile using an Okta-managed laptop. Okta reportedly indicated that “the most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.”

Okta responded to the breach by taking multiple measures like deactivating the compromised accounts, enhancing monitoring rules, and restricting personal Google profiles.

The security breach at Okta follows several past incidents, highlighting ongoing concerns and vulnerabilities in the company’s security framework.

On 23 September 2023, Rightway Healthcare experienced a network breach, leading to unauthorized access by cybercriminals to an eligibility census file designed for insurance provision and benefit plans for eligible individuals. The breached documents contained names, social security numbers, and health or medical insurance plan numbers of Okta employees and their dependents. However, Okta reported the incident on October 12, 2023.

Okta’s report to the Office of the Maine Attorney General revealed that the breach affected a total of 4,961 employees. Later, the company also confirmed that the breached employee data dated from April 2019 to the end of 2020.

Okta has confronted several data breaches in the past, indicating the persistent challenges in securing personal data against threats including identity theft and social engineering attacks.

In December 2022, Okta publicly disclosed a security breach, revealing that hackers had breached its private GitHub repositories and gained access to confidential source code. Okta’s investigation found that the hackers used the unauthorized access to copy code repositories linked to Workforce Identity Code (WIC), the company’s enterprise-based security solution. In response to the security breach, Okta reviewed recent access to its software repositories, analyzed all recent commits, rotated GitHub credentials, and reported the incident to law enforcement.

This was not the first time Okta had encountered a security breach. In March 2022, the Lapsus$ extortion group claimed a similar breach and shared a screenshot on its Telegram channel indicating access to Okta’s administrative accounts and customer information. Okta later confirmed that the breach affected approximately 2.5% of Okta’s customer data.
