U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected.
Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. Okta told TechCrunch at the time that around 1% of customers, or 134 organizations, were affected by the breach.
In a blog post written on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach. Okta spokesperson Cat Schermann would not provide an exact figure when asked by TechCrunch, but Okta has around 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI and T-Mobile.
Bradbury said that on September 28, a hacker ran and downloaded a report that contained data belonging to “all Okta customer support system users.” For 99.6% of customers, hackers accessed only full names and email addresses, according to Okta, though in some cases they may also have accessed phone numbers, usernames and details of some employee roles.
“While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks,” Bradbury said. The notorious Scattered Spider hacking group, also known as Oktapus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.
Okta is advising all customers to employ multi-factor authentication and to use phishing-resistant authenticators, such as physical security keys.
Okta says its follow-up analysis has also determined that the threat actor accessed “additional reports and support cases” containing the contact information of all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts. Some Okta employee information was also included in these reports, but the company hasn’t confirmed how many of its 6,000 employees are affected.
Okta said that none of its government customers are affected by the breach, and said its Auth0 support case management system was not impacted.
The identity of the threat actor behind the most recent breach of Okta’s systems is not yet known.
This is the latest of many security incidents impacting Okta. Last year, the company admitted that hackers stole some of its source code. A separate incident earlier in the year saw hackers post screenshots showing access to the company’s internal network after hacking into a company Okta used for customer service.