Okta Says October 2023 Data Breach Impacts All Customer Support Users

Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

Okta’s ongoing investigation into the October Help Center breach revealed that hackers had stolen all customer support system users’ information rather than the previously estimated 1 percent.

At the beginning of November, the company disclosed that unknown threat actors gained access to a limited number of customer support system files, impacting only 134 customers.

However, last week, in an incident update notification, Okta’s CSO, David Bradbury, revealed that hackers had accessed the names and email addresses of all Okta support system users.

“All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident,” revealed Bradbury.

The stolen reports are said to contain fields for names, emails, phone numbers, addresses, company name, username, SAML Federation ID, login details, and last password change/reset. However, for 99.6% of users listed in the report, the only contact information revealed was their full name and email address. User credentials and sensitive personal data were not part of the stolen data, the company assured.

The notification also revealed that the breach extended to reports and support cases, which included contact information for all Okta certified users and some Okta Customer Identity Cloud (CIC) customers. Data of some employees was also a part of this breach.

While no evidence was found of any misuse of the stolen data, the company believes that customers might be targeted via phishing or social engineering attacks. Thus, it is imperative that all Okta customers deploy multi-factor authentication (MFA) and use phishing-resistant authenticators to enhance security.

Okta also revealed that it had enlisted third-party digital forensics experts to assist in its investigation, and would be notifying the impacted customers.
