Okta Reveals Wider Fallout from October 2023 Support System Hack

Okta has revealed that the October 2023 breach of its support case management system had a broader impact than initially reported. The threat actor downloaded the names and email addresses of all Okta customer support system users, affecting all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers except those in separate support systems. Additionally, reports containing contact information of Okta certified users, some CIC customers, and unspecified employee information were accessed. However, no user credentials or sensitive personal data were compromised. Okta has notified customers of potential phishing risks and implemented new security features. The identity of the threat actors is unknown, but a cybercrime group called Scattered Spider has targeted Okta in the past.