Tech

Okta says breach caused by employee's stolen password

Okta believes that 134 customers were affected by a recent breach caused by someone taking an employee's Google password and username.

Okta logo on a website.
Shutterstock
SMS

Okta, which provides online security services for businesses, provided additional details after someone was able to hack into Okta's support case management system. Okta said that the hackers were able to see files uploaded by some Okta customers in recent support cases. 

All told, Okta said the breach impacted 134 customers, representing less than 1% of all customers, the company said. On Friday, the company provided affected customers with steps on mitigating the breach. 

"The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself," Okta chief security officer David Bradbury said. "This service account was granted permissions to view and update customer support cases. During our investigation into suspicious use of this account, Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. 

"The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device."

TikTok hit with $368 million fine for failing to protect child privacy
TikTok hit with $368 million fine for failing to protect child privacy

TikTok hit with $368 million fine for failing to protect child privacy

The fine comes from Ireland's Data Protection Commission, citing violations during the second half of 2020.

LEARN MORE

Okta stressed that its support case management system is separate from its main service, which it says is fully operational and has not been impacted. 

As of August, Okta had 18,400 customers, and the company has seen rapid growth in recent years as more companies look to secure their online services. 

In late 2021, the company reported about $251 million in revenue in one quarter. By the summer this year, the company reported $556 million in quarterly revenue. 

Okta enables secure access, authentication and automation for businesses.