Okta Data Breach Spotlights Untapped Gold Mine for Hackers - The Messenger


Hackers often try to jump from one victim to another. Help-desk portals are full of information that helps them do that.


The spiraling consequences of the recently disclosed data breach at the tech company Okta are highlighting the dangers of failing to protect information rarely considered a security priority: customer service records.

Okta, which sells software that other companies use to manage login accounts, announced on Oct. 20 that hackers used a stolen password to access its help-desk system, where Okta customers — including some of the world’s biggest businesses, like FedEx and Zoom — upload sensitive internal data as part of their tech-support requests. Because this data sometimes includes files that can be used to sneak into Okta customers’ own systems, the attack on Okta — which has already cost the company $2 billion in market valuation — could metastasize into a larger crisis.

There are already signs that this is happening. On Monday, the leading password management company 1Password announced that hackers used information stolen from Okta’s help-desk portal to access part of its computer network. The company said the short-lived intrusion was limited to a system that manages “employee-facing apps” and that “no 1Password user data was accessed.”

Other Okta clients may be in more danger, depending on how they use the service and what internal systems they’ve connected to it. Okta’s major customers include Grubhub, Tyson Foods and T-Mobile, as well as the pharmaceutical giant McKesson, the diagnostics firm LabCorp and Main Street retailers such as Crate & Barrel and Levi’s.

Around 1% of Okta’s more than 18,000 customers were affected by the breach of its help-desk portal, according to Okta spokesperson Kyrk Storer. The company said it has notified all of those customers. 

Cyber intrusions that leverage access to one company to target that company’s customers, suppliers or other partners are known as supply-chain attacks. Exploiting a victim’s supply chain to reach a broader array of targets has become an increasingly popular hacking tactic as companies become more and more digitally intertwined. In recent years, cyberattacks on the IT management firms SolarWinds and Kaseya and the file-transfer software maker MOVEit have had massive global consequences.

These supply-chain attacks usually involve hackers either finding or creating a vulnerability in a widely used software product and then exploiting that flaw to breach companies using the software. The Okta attack is different, however. There is no evidence that it involved software vulnerabilities. Instead, using login information stolen from a company that sells secure login software, the hackers stole and made use of highly sensitive customer complaint submissions.

Compared to other kinds of data that companies store, customer support records are often mistakenly considered obscure and insignificant. Few companies focus as much on securing this data as they do on protecting their customers’ payment information. But a help-desk system contains a treasure trove of data about a company’s customers and its technological weaknesses, and the breach at Okta suggests that hackers are increasingly waking up to this fact.
