Okta Says Hackers Stole All of Its Customer Support Data. Here's How to Protect Yourself

What happened

Okta has notified users that the security breach it first announced last month was worse than it first thought. The company, which specializes in identity verification, initially estimated that less than 1% of customers had been affected. However, Chief Security Officer David Bradbury now says the hackers downloaded data from all Okta customer support system users.

So what

The good news is that Okta says only names and email addresses were stolen, at least for 99.6% of impacted users. The bad news is that this is information criminals can and do use to access our accounts. Okta has over 18,000 customers worldwide, and works with big companies such as Zoom, T-Mobile, and Hewlett Packard.

Okta warns the breach could put users at a higher risk of phishing or social engineering attacks. Phishing is where criminals pose as organizations you trust, often via email, to trick you into sharing sensitive information or installing malware. Social engineering is also known as "human hacking" and can involve more complex hoaxes.

Now what

Whether or not you're an Okta customer, cyber threats are on the rise. FBI data shows that people lost almost $190 million to identity theft in 2022. Sadly, there's a trade-off for the convenience of online banking and using a host of shopping and budgeting apps: It's easier for criminals to find ways to hack into your accounts.

Here are some ways you can protect yourself:

• Set up multi-factor authentication (MFA): MFA is the backbone of Okta's business. It adds an extra layer of security to your login -- such as getting you to enter a code as well as your password. You might use an authenticator app or get an extra code sent to your phone.
• Know how to recognize phishing scams: Be suspicious when companies contact you out of the blue and ask for sensitive data, whether it's by email, text message, or a phone call. Watch out for red flags such as slightly odd sender info, emails where your address isn't in the "to" box, and language that doesn't feel right.
• Use a different password for every account: It can be hard to keep track of your password info across multiple accounts. But using an easy-to-guess password or repeating the same password to access several sites can be dangerous. Consider a password manager or come up with your own system to generate strong and unique passwords.
• Keep your antivirus software up to date: Security software can help protect you against malware, spyware, and viruses. It can also alert you to suspicious emails and give you some protection online. Set up automatic updates to stay ahead of the latest threats.

Many bank accounts and credit cards provide some level of protection against fraud, but it's still important to be vigilant. The harder you can make it for cyber criminals, the better.