Hackers breached customer data of this US cybersecurity firm, here’s how it was affected | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Two months ago, US-based cybersecurity firm Okta was breached by hackers who compromised the company’s customer support system. The company has now confirmed that the attackers stole information about all users on its customer support system. For the unaware, Okta manages user authentication services for thousands of corporate clients.

In a recent letter (seen by Bloomberg), the company notified customers that it had discovered that the hackers downloaded a report containing data. It included the names and email addresses of all clients that use Okta’s customer support system. This is why Okta warned customers that they may face an increased risk of attacks and asked them to use stronger multifactor authentication.

Here’s what Okta has to say
In the letter, Okta wrote: “While we have not seen direct evidence that the threat actor is using this list to launch phishing attacks against support system users, phishing attacks are a constant threat.”

How the data breach affected Okta
Last month, the San Francisco-based company’s shares dropped when it disclosed that hackers used a stolen credential to access its support system. At the time, a company spokesman estimated that about 184 clients (representing roughly 1 per cent of Okta’s customers) were affected.

However, in a recent audit, the company found that more data was stolen than it initially estimated. Okta also discovered that information about some of its employees was also included in stolen reports.

The company claimed that the report stolen by hackers also included fields for customer user names, company names and mobile phone numbers. Okta also noted that most of the fields were blank and didn’t include credentials or sensitive personal data. The company also mentioned that the only contact information that hackers were able to steal for more than 99% of customers listed in the report only includes the full names and email addresses.

This also wasn’t the first time attackers were able to breach Okta’s data. In 2022, the company disclosed that a hacking group had breached its system after the gang posted screenshots that showed access to Okta accounts.


Click Here For The Original Source.

National Cyber Security