In late October, the identity management platform Okta began notifying its customers of a breach of its customer support system. The company said at the time that about 1 percent of its 18,400 customers were impacted by the incident. But in a massive expansion of this estimate early this morning, Okta said that its investigation has uncovered additional evidence that, in fact, all of its customers had data stolen in the breach two months ago.
The original 1 percent estimate related to activity in which attackers used stolen login credentials to take over an Okta support account that had some customer system access for troubleshooting. But the company admitted on Wednesday that its initial investigation had missed other malicious activity in which the attacker simply ran an automated query of the database that contains names and email addresses of “all Okta customer support system users.” This also included some Okta employee information.
While the attackers queried for more data than just names and email addresses (including company names, contact phone numbers, and data on last login and last password changes), Okta says that “the majority of the fields in the report are blank and the report does not include user credentials or sensitive personal data. For 99.6 percent of users in the report, the only contact information recorded is full name and email address.”
The only Okta users not impacted by the breach are high-sensitivity customers that must comply with the United States Federal Risk and Authorization Management Program or US Department of Defense Impact Level 4 restrictions. Okta provides a separate support platform for these customers.
Okta says it did not realize that all customers had been affected by the incident because, while its initial investigation had looked at the queries the attackers ran on the system, “the file size of one particular report downloaded by the threat actor was larger than the file generated during our initial investigation.” In the initial assessment, when Okta regenerated the report in question as part of retracing the attackers’ steps, it did not run an “unfiltered” report, which would have returned more results. This meant that in Okta’s initial assessment, there was a discrepancy between the size of the file the investigators downloaded and the size of the file the attackers had downloaded, as recorded in the company’s logs.
Okta did not immediately respond to WIRED’s requests for clarification on why it took a month for the company to run an unfiltered report and reconcile this inconsistency.