Tuesday Newsday Oct 17 - Oct 23: Okta Woes, Ransomware Busts, & Election Hacks
Another day, another dollar, another tale of security exploits. The Internet kitchen is open 24/7, and the chefs have shown no desire to stop thus far. For this week's edition of Tuesday Newsday™, we'll be kicking things off with a developing breach and its subsequent fallout: Okta.
Hackers were able to see private customer information after accessing Okta's customer support system. Security firm BeyondTrust has stated that they notified Okta of a potential breach as early as October 2, with Okta finally admitting on October 19 that they had indeed been breached. The recent MGM breaches were also conducted by means of social engineering and gaining access to employees' Okta authentication. Oh, and Okta also has no idea how the hackers actually managed to pull this off... yikes.
Multiple countries and law enforcement agencies collaborated to take down the RagnarLocker ransomware group's data leak site. While some modern ransomware groups are open to negotiation, RagnarLocker has a take-it-or-leave-it kind of vibe. They also try to use scare tactics to discourage victims from contacting the FBI, so this bust comes with an extra fresh dose of karma.
The District of Columbia Board of Elections (DCBOE) has announced that a threat actor breached their web server in early October and allegedly has access to the entire voter roll of the District of Columbia. The exposed data contains a significant amount of personally identifiable information, such as driver's license numbers, dates of birth, partial social security numbers, and contact information like phone numbers and email addresses.
TL;DR
- If your organization uses Okta for ID verification, you should do a systems audit at the very least
- Say goodbye to RagnarLocker and hello to... (insert next inevitable major ransomware name here)
- The government can't keep your data safe, so why would you trust any private company to?
Every week, I come back here and preach the same message: Your data is vulnerable. Safeguarding it is in your best interest. It's also part of a proactive and comprehensive privacy strategy. A VPN like Windscribe is one of many tools in your arsenal that you should be using to keep hackers at bay and your data safe.