Krebs group ransomwhere
1/12/2024

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Okta acknowledged last month that for several weeks beginning in late September 2023, intruders had access to its customer support case management system. That access allowed the hackers to steal authentication tokens from some Okta customers, which the attackers could then use to make changes to customer accounts, such as adding or modifying authorized users.

In its initial incident reports about the breach, Okta said the hackers gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers, or less than 1% of Okta’s customer base. But in an updated statement published early this morning, Okta said it determined the intruders also stole the names and email addresses of all Okta customer support system users.

“All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor),” Okta’s advisory states. “The Auth0/CIC support case management system was also not impacted by this incident.”

Okta said that for nearly 97 percent of users, the only contact information exposed was full name and email address. That means about three percent of Okta customer support accounts had one or more of the following data fields exposed (in addition to email address and name): last login; username; phone number; SAML federation ID; company name; job role; user type; date of last password change or reset.

Okta notes that a large number of the exposed accounts belong to Okta administrators - IT people responsible for integrating Okta’s authentication technology inside customer environments - and that these individuals should be on guard for targeted phishing attacks. “Many users of the customer support system are Okta administrators,” Okta pointed out. “It is critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system, but also to secure access to their Okta admin console(s).”

While it may seem completely bonkers that some companies allow their IT staff to operate company-wide authentication systems using an Okta administrator account that isn’t protected with MFA, Okta said fully six percent of its customers (more than 1,000) persist in this dangerous practice. 3, Okta blamed the intrusion on an employee who saved the credentials for a service account in Okta’s customer support infrastructure to their personal Google account, and said it was likely those credentials were stolen when the employee’s personal device using the same Google account was compromised.