Hackers Breach Password Authenticator Okta, Compromising Data of All Customer Support Users

San Francisco, California – November 29, 2023 – Password authenticator Okta has disclosed that a recent data breach was far more extensive than previously reported, affecting all of its customer support system users. The company initially stated that only 1% of its customers were impacted by the September cyberattack.

In a blog post published on Wednesday, Okta revealed that hackers had stolen a report containing the names and email addresses of all individuals with access to the company's customer support system. Okta's chief security officer, David Bradbury, acknowledged the potential for this stolen information to be used for phishing or social engineering attacks.

To mitigate these risks, Bradbury strongly encouraged all Okta customers to implement multi-factor authentication (MFA), which requires additional verification steps beyond simply entering a password. MFA significantly enhances security by making it more difficult for unauthorized individuals to gain access to accounts.

Okta, headquartered in San Francisco, provides identity management solutions to businesses, enabling secure website logins through single sign-on (SSO) and MFA. The company boasts a clientele of over 18,000 corporate clients, including FedEx, S&P Global, T-Mobile, and Zoom.

According to a report by TechCrunch, Okta experienced at least two security breaches in 2022. In January, a hacking group known as Lapsus$ extortion group compromised a customer support engineer's account and shared screenshots of Okta's systems. Subsequently, in August, hacking group Scatter Swine claimed to have infiltrated Okta's customer data, affecting more than 100 companies, including software firm Twilio.