Okta denies it was hacked again after data appears on hacking site

News
By Sead Fadilpašić
published

"It's not ours," says Okta

Data leak
(Image credit: Shutterstock)

A hacker has shared a new database on an underground forum, claiming it contained data stolen from Okta - however the company begs to differ.

In late October 2023, cybercriminals broke into Okta systems and stole client session cookies, potentially giving them access to those companies’ networks, and opening the doors to malware and ransomware attacks. Subsequent investigation showed that all of Okta’s customers were affected. 

Now, almost half a year later, a hacker with the alias “Ddarknotevil” posted a new database on a dark web forum, claiming it contained data on 3,800 Okta customers, BleepingComputer reported.

Another Okta breach? Apparently not...

"Today, I have uploaded the Okta database for you all, This Breach is being shared in behife @IntelBroker - [Cyber <redacted>] thanks for reading and enjoy!," the thread said. "In September 2023, Okta, an IT service management company, suffered a data breach that led to the exposure of 3.8 thousand customer support users."

The database contains user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.

However, being asked about the database, Okta told the publication that the data didn’t belong to it, and that it was probably simply scraped from the internet.

"This is not Okta's data, and it is not associated with the October 2023 security incident," an Okta spokesperson told BleepingComputer. "We cannot determine the source of this data or its accuracy, but we noted that some fields have dates from over ten years ago. We suspect that this information may be aggregated from public information sources on the Internet."

The publication also found that cybersecurity firm KELA analyzed the data and concluded that it belonged to the National Defense Information Sharing and Analysis Center. It was apparently stolen in July last year, and published by a known leaker IntelBroker.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.