Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label help desk data. Show all posts

Okta Data Breach Highlights Hackers' Untapped Gold Mine


The recent data breach at tech firm Okta has drawn attention to the risks associated with not protecting data that is rarely given top priority in terms of security, records customer service. 

The help desk system, which is used by some of the largest companies in the world, such as FedEx and Zoom, is accessed by hackers using a password that was stolen, according to a statement released by Okta on October 20. Okta provides software that other businesses use to manage login accounts. The attack on Okta, which has already cost the company $2 billion in market valuation, has the potential to spread into a more serious issue because this data occasionally contains files that can be used to secretly access the systems of Okta clients.

There are already indications of this happening. On Monday, popular password management company 1Password revealed that hackers had gained access to some parts of Okta's computer network by using data they had taken from the help-desk portal. The company notes that the brief intrusion was limited to a system that manages “employee-facing apps” and that “no 1Password user data was accessed.”

Depending on how they utilize the service and the internal systems they have connected to it, other Okta customers might be at greater risk. Gruhbhub, Tyson Foods, T-Mobile, the pharmaceutical firm McKesson, the diagnostics company LabCorp, and Main Street merchants like Crate & Barrel and Levi's are among Okta's prime customers.

According to Kyrk Storer, a spokesman for Okta, the hack of the company's help-desk portal impacted about 1% of its more than 18,000 users. These victims have now been notified of the hack, the company confirms.

Supply-chain attacks are cyber breaches that use access to one organization to target other partners, suppliers, or customers of that company. Exploiting a victim’s supply chain to reach more targets has become a popular cyberattack tactic among hackers, taking into account the digital connectivity among companies. In recent years, cyber intrusion on IT management firms like SolarWinds and Kaseya and file-transfer software manufacturer MOVEit had severe global repercussions. 

In most supply-chain assaults, hackers either discover or introduce a weakness in a popular software product, which they then utilize to access the systems of the firms that employ it. However, Okta attacks are not supported by any evidence that they involved software flaws. Instead, the hackers took advantage of extremely private consumer complaint submissions by utilizing login credentials they had obtained from a business that offered secure login software.

Customer service records are frequently mistakenly dismissed as being insignificant and obscure when compared to other types of data that companies maintain. Few organizations place the same emphasis on preserving this data as they do on safeguarding their clients' credit card information. However, a help desk system has an array of information about a business's clients and technological flaws, and the Okta attack indicates that hackers are becoming more aware of this.