Okta denies that its firm information was leaked after a risk actor shared recordsdata allegedly stolen throughout an October 2023 cyberattack on a hacker discussion board.
Okta is a San Fransisco-based cloud id and entry administration options supplier whose Single Signal-On (SSO), multi-factor authentication (MFA), and API entry administration providers are utilized by hundreds of organizations worldwide.
In October 2023, Okta warned that its assist system was breached by hackers utilizing stolen credentials, permitting attackers to steal cookies and authentication for some clients. After the inner investigation was accomplished in late November, it was revealed that the incident impacted all users of the customer support system.
That incident elevated the danger of breaches for a number of Okta purchasers, with a notable case being a subsequent compromise of one in all Cloudflare’s self-hosted Atlassian servers the place the hackers employed entry tokens stolen in the course of the Okta breach.
On Saturday, a cybercriminal utilizing the alias ‘Ddarknotevil’Â claimed to be releasing an Okta Database containing info of three,800 clients that was stolen throughout final yr’s breach.
“In the present day, I’ve uploaded the Okta database for you all, This Breach is being shared in behife @IntelBroker – [Cyber <redacted>] thanks for studying and luxuriate in!,” a risk actor posted to a hacking discussion board.”
“In September 2023, Okta, an IT service administration firm, suffered a knowledge breach that led to the publicity of three.8 thousand buyer assist customers.”
The leaked information contains person IDs, full names, firm names, workplace addresses, cellphone numbers, e mail addresses, positions/roles, and different info.
BleepingComputer contacted Okta over the weekend to ask if the claims are linked to the October incident or every other undisclosed breach.
In the present day, the corporate mentioned that the info doesn’t belong to them and seems to be from public info on the web.
“This isn’t Okta’s information, and it’s not related to the October 2023 safety incident,” an Okta spokesperson informed BleepingComputer.
“We can’t decide the supply of this information or its accuracy, however we famous that some fields have dates from over ten years in the past. We suspect that this info could also be aggregated from public info sources on the Web.”
The Okta spokesperson additionally confirmed to BleepingComputer that the agency’s IT group totally investigated all programs over the weekend and located no proof of a breach.
Cyber-intelligence agency KELA additionally reviewed the shared information and independently corroborated that the data does not belong to Okta however is believed to be from a distinct firm breached in July.
KELA’s evaluation of the info and variety of information confirmed that it is the identical information as a July 2023 dump made by the risk actor ‘IntelBroker,’ who claimed to have stolen it from the Nationwide Protection Data Sharing and Evaluation Heart.
