软餐获悉,身份验证平台 Okta 在 11 月初曝出一起数据泄露事件,现在该公司首席财务官 David Bradbury 称,进一步调查显示,所有使用 Okta 支持的客户都是网络攻击的受害者,而非最初预计的 134 个客户。目前尚不清楚有多少客户受到影响。该公司表示,数字取证调查仍在进行中,调查结果将在完成后分享。Okta 承诺会通知受影响的用户。该平台表示,原则上支持系统中包含一些敏感的用户数据,包括姓名、电子邮件地址、电话号码、职位描述和密码。然而,实际上,99.6% 的客户在数据库中只包含姓名和电子邮件地址。尽管如此,该平台建议用户启用两步验证,并警惕网络钓鱼和社交工程攻击。
Okta 是公司用来在员工访问内部系统之前对其进行身份验证的身份验证平台。此次数据泄露是由一名公司员工用自己的 Google 帐户登录 Okta 笔记本电脑造成的,该帐户后来遭到黑客攻击。Okta 的企业登录详细信息存储在相关员工的个人 Google 帐户中。
Identity verification platform Okta exposed a data breach in early November. Now, the company’s Chief Financial Officer, David Bradbury, has stated that further investigation reveals all customers supported by Okta have fallen victim to the cyber attack, rather than the initially estimated 134 customers. It is currently unclear how many customers have been affected. The company states that digital forensics investigations are still ongoing and results will be shared upon completion. Okta promises to notify affected users. The platform indicates that sensitive user data potentially included in the system comprises names, email addresses, phone numbers, job descriptions, and passwords. However, in reality, only 99.6% of customers’ databases contain names and email addresses exclusively. Despite this fact, the platform advises users to enable two-factor authentication and remain vigilant against phishing and social engineering attacks.
Okta is an identity verification platform used by companies to authenticate employees before accessing internal systems. This data breach was caused by an employee logging into their Okta laptop using their personal Google account which was later targeted by hackers. Okta’s enterprise login details are stored within relevant employees’ personal Google accounts.
微信扫一扫