Okta, a well-known identity management services company, recently suffered a serious data breach. The company originally claimed in early November that only 1% of users were affected, but it now appears that almost everyone who uses the Okta platform has been affected by the breach.
The leaked data included the name and email address of every customer in the Okta customer database, as well as information on some of the company's employees, which puts all users at very high risk of being hacked. In fact, we should all make sure that we have security measures in place, including strong passwords and multi-factor authentication.
This is undoubtedly an ironic situation for a company whose core business is security and authentication. Okta says it has rolled out new security features and has advised customers on what to do next.
"While we have no direct evidence that this information is being exploited, we have informed all customers that these files increase the security risks of phishing and social engineering," said Jenny Grich, a spokesperson for Okta.
While a name and email address alone may not seem like a big risk, they do significantly increase the risk of being attacked. Hackers often impersonate colleagues to trick victims into sharing confidential information or clicking on malicious links. In addition, this information may be combined with login credentials from other breaches and used in credential-stuffing attacks.
This isn't Okta's first security disaster in recent times. In 2022, a hacking group called LAPSUS$ released screenshots showing that they had gained administrator access to the Okta system. Authorities in London arrested several teenagers suspected of being involved in the attack.