Getty Photos
Id and authentication administration supplier Okta has been hit by one other breach, this one in opposition to a third-party vendor that allowed hackers to steal private data for five,000 Okta workers.
The compromise was carried out in late September in opposition to Rightway Healthcare, a service Okta makes use of to help workers and their dependents to find well being care suppliers and plan charges. An unidentified risk actor gained entry to Rightway’s community and made off with an eligibility census file the seller maintained on behalf of Okta. Okta realized of the compromise and information theft on October 12 and didn’t disclose it till Thursday, precisely three weeks later.
“The varieties of private data contained within the impacted eligibility census file included your Identify, Social Safety Quantity, and well being or medical insurance coverage plan quantity,” a letter despatched to affected Okta workers acknowledged. “We now have no proof to recommend that your private data has been misused in opposition to you.”
The letter, which is the primary time the occasion has been disclosed, mentioned that Okta opened an investigation instantly after studying of it. The investigation revealed that information for 4,961 Okta workers was included within the stolen file.
In an e mail, an Okta consultant mentioned that based mostly on data Rightway offered, the intruder first gained entry to a Rightway worker’s cellphone after which used that entry to alter credentials and take the recordsdata. The recordsdata, which have been from April 2019 by means of 2020, have been exfiltrated from Rightway’s IT atmosphere. The non-public data pertained to Okta workers and their dependents from 2019 and 2020. Okta additionally mentioned that Rightway knowledgeable it that the compromise concerned a number of Rightway prospects.
“This incident doesn’t relate to the usage of Okta providers and Okta providers stay safe,” the consultant mentioned. “No Okta buyer information is impacted by this incident.”
Rightway representatives didn’t instantly reply to an e mail searching for remark and extra particulars in regards to the breach.
Thursday’s disclosure comes two weeks after Okta revealed that hackers compromised its buyer help system and obtained credentials that allowed them to take management of consumers’ inner Okta administration accounts. The attackers then used these credentials in follow-on hacks that focused the inner administration accounts of 1Password, BeyondTrust, Cloudflare, and presumably different prospects.
Okta relies in San Francisco and offers cloud id, entry administration for single sign-on, multifactor authentication, and API providers to hundreds of organizations worldwide. The corporate has beforehand come below criticism for safety breaches and its dealing with of them afterward. Most not too long ago, Cloudflare referred to as out Okta for not driving the intruders out of its community till October 18, 16 days after first studying of the compromise. Cloudflare urged Okta to behave faster sooner or later when studying of safety breaches, offering disclosures sooner and requiring the usage of {hardware} keys to guard inner programs and programs utilized by third-party help suppliers.
“For a crucial safety service supplier like Okta, we imagine following these greatest practices is desk stakes,” Cloudflare researchers wrote.
The Okta consultant mentioned in Thursday’s e mail that when the corporate realized of the Rightway compromise on October 12, investigators had 27,000 data to kind by means of. A lot of the method needed to be manually performed and took time to finish.
