Customers at risk of phishing attacks after hack, Okta warns

18,000 customers at risk of phishing attacks after security firm Otka hacked

Image:
18,000 customers at risk of phishing attacks after security firm Otka hacked

Software security firm Otka has warned that some of its 18,000 corporate and government customers have been left vulnerable to phishing attacks after hackers broke into its computer systems a month ago.

Hackers broke into the firm's technical support management system, Okta Help Sector, and grabbed the names and email addresses of all customers using it to get help running the Okta software they use to control access to sensitive computer systems and applications across their computing infrastructure.

"There is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks," Okta chief security officer David Bradbury said in a customer alert yesterday. Not all its customers were logged in the support system.

Okta's highest security government and military customers were not vulnerable to the attack because their support requests were managed separately. And its main security software services had not been compromised.

But the hack still put its other customers at high risk because most people who use its support system are systems administrators with privileged access to sensitive parts of their networks. Hackers could send them phishing emails with malicious software attachments and links that, if opened, they could use to break in.

The threat would be mitigated if vulnerable administrators only accessed its security software services and its support system using multi-factor authentication (MFA), said Bradbury.

But though 94% of its customers do that, the support system hackers had already gone on to hack the systems of five unnamed Okta customers when the software firm raised the alert on 20th October.

Okta published details of suspicious IP addresses customers should scan for in their system logs, saying at the time that such attacks "highlight the importance of remaining vigilant". The firm spelled out other precautions customers should take in its alert yesterday.