Discovered by Okta Inc. that hackers who breached its network two months ago stole information on all users of its customer support system – a range larger than the 1% of customers the company previously said were affected.
The company, which manages user authentication services for thousands of institutions, informed customers in a letter on November 28 that it has now determined that hackers downloaded a report that contains data including names and email addresses for all clients of its customer support system. As a result, Okta warns customers that they may face an increased risk of phishing and social engineering attacks and encourages them to use strong multifactor authentication. The company also said it is pushing new security features and recommendations to protect against targeted attacks.
The latest findings highlight how the San Francisco-based company continues to deal with the fallout from the cyberattack that was first disclosed last month, when it estimated that 184 clients – representing roughly 1 % of customers – affected. This isn’t the first time Okta has been breached: A hacking group broke into its system last year and posted screenshots showing access to Okta accounts. Chief Executive Officer Todd McKinnon pledged after the attack to work to restore trust in Okta’s brand.
“We are working with a digital forensics firm to support our investigation and we will share the report with customers once it is complete,” Okta said in a statement.
Okta said in a customer notice that a recent audit found that more data was stolen than the company initially thought, prompting the company to revise its findings. It also discovered that some Okta employee information was included in the stolen reports, according to a customer notification reviewed by Bloomberg.
The customer report contains fields for customer usernames, company names and mobile phone numbers, Okta said, while noting that most fields are blank and do not include credentials or sensitive personal information. that data. For more than 99% of customers listed in the report, Okta said, contact information consists of full names and email addresses.
Many of the affected users of the customer support system are Okta administrators, according to the company’s announcement.
Shares were up about 1% at $74.38 at 7:22 am New York time after the company reported third-quarter adjusted earnings that beat analysts’ estimates. It also forecast adjusted earnings of 50 cents to 51 cents a share for the fourth quarter, beating the 36-cent average of Wall Street estimates.
Photo: Photographer: Tiffany Hagler-Geard/Bloomberg
Copyright 2023 Bloomberg.
Interested in Cyber?
Get automatic alerts for this topic.