Extensive Cyberattack: Okta Identity Management Company Exposes System Breach
Okta, a leading identity management company, discloses a major breach revealing a more extensive hack than previously disclosed The attackers successfully accessed and stole data on all users in Okta's customer support system
Okta's September hack was more extensive than initially reported, with data on all users in Okta's customer support system being stolen, the company revealed on Wednesday. This admission differs greatly from Okta's previous statement that less than 1% of its customers were affected by the incident.
Okta, based in San Francisco, stated that they do not have "direct knowledge or evidence" of active exploitation of the information stolen in the recent breach. However, chief security officer David Bradbury acknowledged in a blog post that the information could potentially be used for targeting Okta customers through phishing or social engineering attacks.
The responsible party for the hack remains unknown. An Okta spokesperson informed CNN that the company does not intend to publicly attribute the incident to a specific hacking group, despite the disclosure of the breach in October.
A Aliquippa Municipal Water Authority official says a pro-Iran group claims to have hacked the system.
KDKA
Federal officials investigating after pro-Iran group allegedly hacked water authority in Pennsylvania
Okta reports that the hackers primarily stole names and email addresses of customers, dealing a significant blow to the cybersecurity provider relied upon by government agencies and corporations to protect their networks from cybercriminals and spies. In a previous security incident last January, a group of young cybercriminals breached Okta through one of the firms vendors, impacting up to 366 customers.
Oktas stock plunged Wednesday morning amid the news of the latest cybersecurity incident but has since rebounded a bit.
