Listen to this article:
Comprehensive Data Breach at Okta
Okta, a renowned U.S. access and identity management company, has disclosed a substantial data breach impacting all of its customer support users. Initially believed to have affected only a small fraction of its clientele, further investigation revealed the extent of the breach to be much larger. In October, Okta confirmed that a hacker had exploited a stolen credential to access its support case management system. This unauthorized access led to the theft of customer-uploaded session tokens, potentially jeopardizing the security of Okta's network and its clients.
Extent of the Breach
David Bradbury, Okta's Chief Security Officer, reported that on September 28, a threat actor downloaded a report containing data of all Okta customer support system users. While the majority of affected customers had only their full names and email addresses compromised, some also had their phone numbers, usernames, and specific employee roles exposed. This breach has put approximately 18,000 customers at risk, including notable clients like 1Password, Cloudflare, OpenAI, and T-Mobile.
Okta's Response and Recommendations
Okta has not found direct evidence of the stolen information being exploited, but the risk of phishing and social engineering attacks remains high. The company advises all customers to employ multi-factor authentication and phishing-resistant methods like physical security keys. Additionally, the breach extended to other reports and support cases, potentially affecting some Okta employee data. However, Okta's government customers and the Auth0 support case management system were not impacted by this breach.
About the author
Evalest's tech news is crafted by cutting-edge Artificial Intelligence (AI), meticulously fine-tuned and overseen by our elite tech team. Our summarized news articles stand out for their objectivity and simplicity, making complex tech developments accessible to everyone. With a commitment to accuracy and innovation, our AI captures the pulse of the tech world, delivering insights and updates daily. The expertise and dedication of the Evalest team ensure that the content is genuine, relevant, and forward-thinking.
Significant Rise in Websites Blocking Google-Extended: A 180% Jump
A dramatic increase in the number of websites blocking Google-Extended is observed, with a 180% jump in just one month. Prominent websites, including The New York Times and Yelp, are among those opting for this block to prevent their content from being accessed by Google's AI technologies.
FTC Enhances AI Investigation Procedures to Tackle Unlawful Uses
The U.S. Federal Trade Commission (FTC) has streamlined its investigation process for cases involving unlawful use of artificial intelligence (AI), marking a significant move in regulating AI applications.
Android's New Real-Time App Scanning: A Robust Shield Against Malicious Sideloading
Explore Android's latest security enhancement with Google Play Protect's real-time app scanning to combat malicious sideloaded apps.