Okta Addresses Data Leak Rumors, Finds No Internal Breach

Key Takeaways

  • Okta refutes claims that leaked data on a hacker forum originated from its systems.
  • Okta's internal investigation and KELA's analysis find no evidence of a breach in Okta's systems.
  • The disputed data, claimed to be from Okta, is likely sourced from a different breach.

Okta denies data breach allegations, stating that leaked info was not from its systems. Cyber-intelligence firm KELA corroborates findings.

Okta refutes claims of data leakage originating from its systems. It counters allegations made by a threat actor on a hacking forum regarding a supposed breach in October 2023.

Breach Forums Screenshot

Headquartered in San Francisco, Okta specializes in cloud identity and access management solutions. It serves numerous organizations globally with its Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services.

Following a cyberattack in October 2023, Okta disclosed that its support system was compromised, leading to unauthorized access and the theft of cookies and authentication data for select customers. A subsequent internal probe revealed that the incident impacted all support system users, raising concerns about potential breaches at several Okta clients.

The aftermath of the breach saw an escalation in security risks for multiple clients. This included an incident involving the compromise of a Cloudflare Atlassian server, where attackers utilized access tokens pilfered during the Okta breach.

Recently, an individual using the alias ‘Ddarknotevil’ claimed to have released an Okta database purportedly containing data from 3,800 customers compromised during last year’s breach.

BleepingComputer contacted Okta to verify the claims’ authenticity and any potential association with the October incident or other undisclosed breaches.

Okta responded to the allegations, stating that the leaked data does not originate from its systems and appears to be sourced from publicly available information on the Internet.

Furthermore, Okta’s IT team conducted a thorough investigation and found no evidence of a breach within its systems.

Independent analysis by cyber-intelligence firm KELA corroborated Okta’s stance, affirming that the leaked data matches a dump from July 2023, attributed to the threat actor ‘IntelBroker,’ who claimed to have obtained it from the National Defense Information Sharing and Analysis Center.
