A hacker has shared a new database on an underground forum, claiming it contained data stolen from Okta - however the company begs to differ.
In late October 2023, cybercriminals broke into Okta systems and stole client session cookies, potentially giving them access to those companies’ networks, and opening the doors to malware and ransomware attacks. Subsequent investigation showed that all of Okta’s customers were affected.
Now, almost half a year later, a hacker with the alias “Ddarknotevil” posted a new database on a dark web forum, claiming it contained data on 3,800 Okta customers, BleepingComputer reported.
Another Okta breach? Apparently not...
"Today, I have uploaded the Okta database for you all, This Breach is being shared in behife @IntelBroker - [Cyber
The database contains user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.
However, being asked about the database, Okta told the publication that the data didn’t belong to it, and that it was probably simply scraped from the internet.
"This is not Okta's data, and it is not associated with the October 2023 security incident," an Okta spokesperson told BleepingComputer. "We cannot determine the source of this data or its accuracy, but we noted that some fields have dates from over ten years ago. We suspect that this information may be aggregated from public information sources on the Internet."
The publication also found that cybersecurity firm KELA analyzed the data and concluded that it belonged to the National Defense Information Sharing and Analysis Center. It was apparently stolen in July last year, and published by a known leaker IntelBroker.
More from TechRadar Pro
- Okta could be facing more cyberattacks following customer support hack
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now