Hackers who compromised Okta’s customer support system stole data from all of the cybersecurity firm’s customer support users, Okta said in a letter to clients Tuesday, a far greater incursion than the company initially believed.
The expanded scope opens those customers up to the risk of heightened attacks or phishing attempts, Okta warned. An Okta spokesperson told CNBC that customers in government or Department of Defense environments were not impacted by the breach.
“We are working with a digital forensics firm to support our investigation and we will be sharing the report with customers upon completion. In addition, we will also notify individuals that have had their information downloaded,” a spokesperson said in a statement to CNBC.
Nonetheless, Okta provides identity management solutions for thousands of small and large businesses, allowing them to give employees a single point of sign on. It also makes Okta a high-profile target for hackers, who can exploit vulnerabilities or misconfigurations to gain access to a slew of other targets.
In the high profile attacks on MGM and Caesars, for example, threat actors used social engineering tactics to exploit IT help desks and target those company’s Okta platforms. The direct and indirect losses from those two incidents exceeded $100 million, including a multi-million dollar ransom payment from Caesars.
Bloomberg first reported on the letter to Okta customers.
Okta first disclosed earlier this month that its customer support system had been hacked but said at the time that around 130 customers were impacted by the breach. The news sent the company’s share price down more than 11% and ultimately wiped out around $2 billion in market cap.
Okta is slated to report its fiscal third-quarter earnings after the bell Wednesday.
Read the full article here
