2023-11-30
Okta: Breach Affected All Customer Support Users
Okta now says that a recent breach of its customer support management system affects all its customer support users. The incident was first disclosed in October, and in early November, Okta estimated the affected customer base to be about one percent. Since then, Okta has taken a closer look at the situation, which “included manually recreating reports the threat actor ran in the system and the files the threat actor downloaded.” Okta now says the breach affected all customer support center users.
Editor's Note
Okta is in the trust business. It is very common for organizations to extend the scope of a breach as they investigate. But a company like Okta, struggling to retain customer trust, needs to do better. Luckily for Okta, it would be too expensive and complex for most customers to leave.
Johannes Ullrich
Two big lessons should be learned from this: (1) The initial assumption should always be a 100% compromise if a thorough investigation can’t be completed before disclosure is required; and (2) Okta has recommendations that should be followed ASAP. (1) may sound overly harsh but the cost of incidents apparently is not yet high enough to drive critical service providers to needed levels of security.
John Pescatore
Consider the cost of changing from a service provider like Okta to someone else. While not practical, you need to walk through that scenario for your outsourced/cloud service providers, next determine what events would need to happen to trigger that change. Make sure that matches your risk appetite to the highest levels.
Lee Neely
This really shouldn’t come as a surprise as organizations typically underestimate data loss while the forensics investigation continues. What is a bit surprising is the incredibly large miscalculation. In the short-term Okta’s reputation as a trust provider will take a hit, but it will recover.
Curtis Dukes
Read more in
Okta: October Customer Support Security Incident - Update and Recommended Actions
Wired: Okta Breach Impacted All Customer Support Users—Not 1 Percent
Nextgov: Okta breach includes theft of data on nearly all help desk users, including some feds
Dark Reading: Okta Breach Widens to Affect 100% of Customer Base
CNBC: Okta hackers stole data on all customer support users in major breach
The Register: Okta data breach dilemma dwarfs earlier estimates
SC Magazine: All Okta customer support users exposed in October breach, company discloses
Krebs on Security: Okta: Breach Affected All Customer Support Users