Skip to main content

4 Okta customers hit by campaign that gave attackers super admin control

posted onSeptember 5, 2023
by l33tdawg
Arstechnica
Credit: Arstechnica

Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access.

The Okta super administrator accounts are assigned to users with the highest permissions inside an organization using Okta’s service. In recent weeks, Okta customers’ IT desk personnel have received calls that follow a consistent pattern of social engineering, in which attackers pose as a company insider in an attempt to trick workers into divulging passwords or doing other dangerous things. The attackers in this case call service desk personnel and attempt to convince them to reset all multi-factor authentication factors assigned to super administrators or other highly privileged users, Okta said recently.

Two-factor authentication and multi-factor authentication, usually abbreviated as 2FA and MFA, require a biometric, possession of a physical security key, or knowledge of a one-time password in addition to a normally used password to access an account.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th