Tell HN: Okta October Security Incident – Contact Information (email) Exposure
6 points by KomoD on Dec 20, 2023 | 5 comments
Just received this email from Okta:

Hello,

On Wednesday, November 29 we published a blog post with an update on the October security incident. As described in the blog post, the threat actor accessed reports in the Okta customer support system containing user contact information. This email is part of our outreach to the individuals affected by this information exposure.

We are contacting you today to notify you that your contact information - name, and certain other contact information such as phone number, work address and/or email address was among the information downloaded by the threat actor. This contact information does not include user credentials or sensitive personal information.

Your contact information was in Okta’s customer support system because of prior interaction with Okta. For example, holding an Okta certification (e.g., an Okta Certified Professional certificate), participating in a product trial, receiving promotional communication, being a former customer, or similar.

As we shared in our November 29 blog post, we do not have direct knowledge or evidence that this information is being actively exploited. We aim to share this information with you as a precaution as phishing and social engineering attacks are common and there is the possibility that this information may be used for such purposes.

As a security best practice, Okta strongly recommends that you enable multi-factor authentication (MFA) across all your online accounts as a key protection against these types of attacks. If you have further questions or concerns, please call 800-456-3166 toll-free Monday through Friday 8:00am CST to 8:00pm CST (excluding major U.S. holidays). Be prepared to provide your engagement number Bxxxxxx.

We apologize for the frustration this situation has caused.

Thank you,

Okta Team




Looks like phishing. The contact number provided is not present on any of the official Okta websites. What is the sender email address?


Also all links are tracking links to http://click1.marketing.csid.com ... note they are plain http, of course. It's all so incompetently done I can only assume it's legitimate.


csid.com redirects to Experian to make it look more legitimate but... what's that got to do with Okta? Seems to be a scam.


Oh wow, so CSIdentity Corporation was combined with Experian in 2016: https://www.experian.com/blogs/news/2016/04/18/csid/ so this email appears to be legitimate:

Original Message
Message ID: <1531460072.29729015.1703124342154@marketing.csid.com>
Created at: Wed, Dec 20, 2023 at 7:05 PM (Delivered after 0 seconds)
From: Okta <okta@mail.csid.com>
To: "kseifried@cloudsecurityalliance.org" <kseifried@cloudsecurityalliance.org>
Subject: Okta October Security Incident – Contact Information Exposure
SPF: PASS with IP 96.46.132.207
DKIM: 'PASS' with domain mail.csid.com
DMARC: 'PASS'

Which means the text of the email:

"As a security best practice, Okta strongly recommends that you enable multi-factor authentication (MFA) across all your online accounts as a key protection against these types of attacks."

Is especially ironic considering how Okta got popped.
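
Added example, not part of the thread or of any commenter's post: a small triage check showing what the SPF/DKIM/DMARC passes quoted above actually establish, namely that the mail is authenticated as csid.com, which still has to be tied to Okta by other means. The sample message is constructed; its Authentication-Results layout, `mx.example.org`, the `smtp.mailfrom` value and the link path are assumptions, and `org_domain` and `triage` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample. The From address, the DKIM domain and the three "pass"
# results follow the summary quoted in the thread; the Authentication-Results
# layout, mx.example.org, smtp.mailfrom and the link path are assumptions.
SAMPLE = """\
From: Okta <okta@mail.csid.com>
Authentication-Results: mx.example.org;
    dkim=pass header.d=mail.csid.com;
    spf=pass smtp.mailfrom=mail.csid.com;
    dmarc=pass header.from=mail.csid.com

Details: http://click1.marketing.csid.com/placeholder
"""

def org_domain(host):
    # Naive registrable domain (last two labels); use the Public Suffix List in real code.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw, brand_domain):
    """Report who a message is authenticated as, and whether that is the brand."""
    msg = message_from_string(raw)
    from_host = parseaddr(msg["From"])[1].rpartition("@")[2]
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)
    links = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    auth_pass = all(results.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    brand_match = org_domain(from_host) == org_domain(brand_domain)
    if not auth_pass:
        verdict = "unauthenticated"
    elif not brand_match:
        # Passing checks only prove the sending domain, not a link to the brand.
        verdict = "authenticated-third-party"
    else:
        verdict = "authenticated-brand"
    return {
        "verdict": verdict,
        "authenticated_as": org_domain(from_host) if auth_pass else None,
        "dkim_aligned": bool(dkim_d) and org_domain(dkim_d.group(1)) == org_domain(from_host),
        "cleartext_links": [u for u in links if urlparse(u).scheme == "http"],
        "link_domains": sorted({org_domain(urlparse(u).hostname) for u in links}),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "okta.com"))
```

A verdict of `authenticated-third-party` is the cue to confirm the vendor relationship out of band, for example through the brand's own published notices, before trusting the phone number or links in the message.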


I received the same email today.



