Okta security breach much worse than originally disclosed – all customers' data potentially affected

Not good!
Okta suffered a breach last month. It now says the breach was much worse than it initially said. Credit: Omar Marques/SOPA Images/LightRocket via Getty Images

Okta is a company that offers online identity management tools, including single sign-on and multifactor authentication, for a wide range of customers such as FedEx and Zoom. So, security is a big deal, as Okta manages sensitive data for multiple website logins for those companies.

Last month, however, Okta announced that it suffered a security breach. Bad actors managed to access private customer information through Okta's customer support system. Earlier this month, Okta shared more information about the breach, including a pretty critical detail. According to Okta, at the time, only 134 customers — or less than one percent of its entire customer base — were affected by the breach.

The news was still fairly concerning as Okta confirmed that bad actors were able to hijack Okta customers' sessions. Now, though, Okta has some more concerning news that potentially affects every one of its customers. 



Okta security breach is worse than we thought

According to the latest update from Okta, during the company's continued investigation into the breach, it discovered that the malicious actors downloaded a report that included the names and email addresses of all of Okta's customers with a customer support system account.

Just names and email addresses may seem innocuous, but in the hands of an experienced hacker, this information can be used to launch a phishing campaign or socially engineer more private information out of Okta's customers. In fact, in Okta's announcement, the company shared its concerns regarding just that.

"While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks," the access management firm said. "Okta customers sign in to Okta’s customer support system with the same accounts they use in their own Okta org. Many users of the customer support system are Okta administrators. It is critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system, but also to secure access to their Okta admin console(s)."

It's important that Okta customers are aware of the breach, so they can keep an eye out for attempts to access more of their data.

Unfortunately, this isn't the first time Okta has dealt with such breaches. The hacker group Lapsus$ accessed Okta's admin panel in March 2022, which allowed them to reset customer passwords and authentication credentials. Later that year, Okta's source code for its Workforce Identity Cloud service was stolen from the GitHub account where it was stored.

It's clear that Okta is a target for bad actors due to the nature of its business. If they can access Okta, they could potentially access sensitive data and credentials for multiple accounts belonging to some of the biggest companies across the globe.
