Okta has expanded the scope of its security breach, revealing that hackers gained access to names and email addresses of all its customer support system users, impacting all Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers except those in specific government-grade environments. While user credentials and sensitive personal data weren’t included in the accessed report, names and email addresses for 99.6% of users were compromised. Okta’s chief security officer cautioned about potential phishing or social engineering attacks using this data and stressed the importance of multi-factor authentication for user protection. The breach was initially traced back to an employee’s use of a personal Google account on a company-managed laptop, leading to targeted attacks against third-party entities. Okta has faced repeated hacking attempts, highlighting the ongoing risks associated with such incidents and the need for heightened security measures, particularly multi-factor authentication.
Read more: https://www.securityweek.com/okta-broadens-scope-of-data-breach-all-customer-support-users-affected/