Okta: Breach Affected All Customer Support Users
Okta now says that a recent breach of its customer support management system affects all its customer support users. The incident was first disclosed in October, and in early November, Okta estimated the affected customer base to be about one percent. Since then, Okta has taken a closer look at the situation, which “included manually recreating reports the threat actor ran in the system and the files the threat actor downloaded.” Okta now says the breach affected all customer support center users.
Okta is in the trust business. It is very common for organizations to extend the scope of a breach as they investigate. But a company like Okta, struggling to retain customer trust, needs to do better. Luckily for Okta, it would be too expensive and complex for most customers to leave.
Two big lessons should be learned from this: (1) The initial assumption should always be a 100% compromise if a thorough investigation can’t be completed before disclosure is required; and (2) Okta has recommendations that should be followed ASAP. (1) may sound overly harsh, but the cost of incidents apparently is not yet high enough to drive critical service providers to the needed levels of security.
Consider the cost of changing from a service provider like Okta to someone else. Even if it is not practical, walk through that scenario for each of your outsourced/cloud service providers, then determine what events would need to happen to trigger that change. Make sure that threshold matches your risk appetite at the highest levels of the organization.
This really shouldn’t come as a surprise, as organizations typically underestimate data loss while the forensics investigation continues. What is a bit surprising is the incredibly large miscalculation. In the short term Okta’s reputation as a trust provider will take a hit, but it will recover.
Read more in:
Dark Reading: Okta Breach Widens to Affect 100% of Customer Base
The Register: Okta data breach dilemma dwarfs earlier estimates
Krebs on Security: Okta: Breach Affected All Customer Support Users