Okta hit by another breach, this one stealing employee data from 3rd-party vendor

Identification and authentication administration supplier Okta has been hit by one other breach, this one towards a third-party vendor that allowed hackers to steal private data for five,000 Okta workers.

The compromise was carried out in late September towards Rightway Healthcare, a service Okta makes use of to assist workers and their dependents find well being care suppliers and plan charges. An unidentified risk actor gained entry to Rightway’s community and made off with an eligibility census file the seller maintained on behalf of Okta. Okta realized of the compromise and knowledge theft on October 12 and didn’t disclose it till Thursday, precisely three weeks later.

“The varieties of private data contained within the impacted eligibility census file included your Identify, Social Safety Quantity, and well being or medical insurance coverage plan quantity,” a letter despatched to affected Okta workers acknowledged. “Now we have no proof to recommend that your private data has been misused towards you.”

The letter, which is the primary time the occasion has been disclosed, mentioned that Okta opened an investigation instantly after studying of it. The investigation revealed that knowledge for 4,961 Okta employees was included within the stolen file.

In an electronic mail, an Okta consultant mentioned that primarily based on data Rightway offered, the intruder first gained entry to a Rightway worker’s cellular phone after which used that entry to alter credentials and take the information. The information, which have been from April 2019 via 2020, have been exfiltrated from Rightway’s IT atmosphere. The private data pertained to Okta workers and their dependents from 2019 and 2020. Okta additionally mentioned that Rightway knowledgeable it that the compromise concerned a number of Rightway prospects.

“This incident doesn’t relate to using Okta companies and Okta companies stay safe,” the consultant mentioned. “No Okta buyer knowledge is impacted by this incident.”

Rightway representatives didn’t instantly reply to an electronic mail searching for remark and extra particulars in regards to the breach.

Thursday’s disclosure comes two weeks after Okta revealed that hackers compromised its buyer assist system and obtained credentials that allowed them to take management of consumers’ inner Okta administration accounts. The attackers then used these credentials in follow-on hacks that focused the interior administration accounts of 1Password, BeyondTrust, Cloudflare, and probably different prospects.

Okta is predicated in San Francisco and supplies cloud id, entry administration for single sign-on, multifactor authentication, and API companies to 1000’s of organizations worldwide. The corporate has beforehand come underneath criticism for safety breaches and its dealing with of them afterward. Most lately, Cloudflare referred to as out Okta for not driving the intruders out of its community till October 18, 16 days after first studying of the compromise. Cloudflare urged Okta to behave faster sooner or later when studying of safety breaches, offering disclosures sooner and requiring using {hardware} keys to guard inner methods and methods utilized by third-party assist suppliers.

“For a important safety service supplier like Okta, we imagine following these greatest practices is desk stakes,” Cloudflare researchers wrote.

The Okta consultant mentioned in Thursday’s electronic mail that when the corporate realized of the Rightway compromise on October 12, investigators had 27,000 information to type via. A lot of the method needed to be manually completed and took time to finish.