Okta Discloses Extensive Hack: All Customer Support Users Affected

Okta, a major identity and authentication company, has revised its impact statement regarding a recent breach in its customer support department. Initially, Okta stated that sensitive data was stolen from less than 1% of its customers, but now they admit that the attackers also stole the names and email addresses of nearly all customer support users. While the majority of users had only their full name and email address exposed, about 3% had additional data fields compromised. Okta warns that many of the affected accounts belong to Okta administrators and advises them to enable multi-factor authentication (MFA) to protect against targeted phishing attacks. The breach was attributed to an employee who saved credentials for a service account in Okta's customer support infrastructure to their personal Google account, which was likely compromised.