Authentication service provider Okta has revealed that its latest attack actually affected many more customers than previously reported.
There are some hacks that hurt more than others. Okta had already suffered an attack last year from the Lapsus$ group, an attack which targeted its customers. Two months ago, a new attack was again recorded by the company, which then wanted to reassure its customers. Only 1% of them had their data stolen. A figure which was in fact very far from reality.
All affected customer support users
Okta is not celebrating today, as shown by the decline in its stock price. And this is normal, given the communication that has just been made. Because while the company claimed to have only lost 1% of customer data in the operation, it turns out in fact that the leak was on a much larger scale.
Thus, in a letter sent to all customers, Okta explains that the hackers were able to get their hands on the data of everyone who had access to its customer support system. Among the stolen data, the names of people, as well as their email addresses.
Beware of phishing!
Obviously, given the data collected, the first use that comes to mind would be the creation of phishing campaigns. But on this point, Okta still tries to remain optimistic.
“ We have not seen direct evidence that the threat actor is using this list to launch phishing attacks against help desk users » indicated the company. Even if ” phishing attacks are a constant threat » was nevertheless clarified.
Okta has contacted a digital expertise company to investigate this attack. The Californian firm also explained that it would contact individually all people affected by this hack.
Source : Bloomberg
1