Okta, a US access and identity management company, disclosed that all of its customers' data was compromised during a recent support system breach, contradicting its October statement that only a fraction were affected.

The breach, initially confirmed in October, originated when a hacker exploited a stolen credential to access Okta's support case management system, pilfering customer-uploaded session tokens that provided access to the networks of Okta customers.

In contrast to Okta's initial assertion that roughly 1% of its customers, or 134 firms, were impacted, a blog post by Okta's Chief Security Officer, David Bradbury, published on Wednesday revealed that further investigation unveiled the far-reaching consequences, affecting all of Okta's approximately 18,000 customers, TechCrunch reported.

What Type of Data Were Stolen?

The breach, occurring on September 28, saw a hacker obtain a report containing data about all Okta customer support system users. While the vast majority of customers (99.6%) had only their full names and email addresses accessed, a subset faced potential exposure of additional details, including phone numbers, usernames, and specifics of employee roles.

Despite the absence of direct evidence of active exploitation, Okta acknowledged the potential for threat actors to leverage this information in phishing or social engineering attacks. The Scattered Spider hacking group, also known as Oktapus, known for employing social engineering tactics, has previously targeted Okta customers, including prominent entities like Caesars Entertainment and MGM Resorts.

Okta is advising all of its customers to adopt multi-factor authentication and deploy phishing-resistant authenticators, such as physical security keys.

Subsequent analysis by Okta revealed that the threat actor accessed "additional reports and support cases," encompassing contact information for all Okta-certified users and certain Okta Customer Identity Cloud (CIC) customer contacts. While Okta employee information was included in these reports, the extent of its impact on the company's 6,000 employees remains unconfirmed.

Read Also: Protect Yourself: Best Antivirus Tools of 2023 You Need to Use Right Now

Okta assures that none of its government customers are affected, and its Auth0 support case management system remains unharmed. The identity of the threat actors responsible for the breach remains undisclosed.

Okta Shares Impacted by Data Breach Issue

This incident follows Okta's recent caution to nearly 5,000 current and former employees regarding the exposure of their personal information due to a breach at its healthcare coverage provider, Rightway Healthcare, according to Bleeping Computer.

Okta's history of breaches includes a 2022 incident where hackers accessed confidential source code information stored in private GitHub repositories. The Lapsus$ extortion group had claimed a similar hack earlier in March, impacting approximately 2.5% of Okta's customer base.

News of the widespread data breach impacted Okta's shares, causing a 5% decline on Wednesday morning, as reported by CNBC. Despite the breach revelation, Okta posted Q3 earnings that surpassed estimates, reporting adjusted earnings per share of 44 cents against analyst expectations of 30 cents. Third-quarter sales exceeded the average forecast of $563 million at $584 million.

Okta is investigating the intrusion with a digital forensics company and will contact affected customers. The company emphasized its commitment to cybersecurity measures, given its critical role in providing identity management solutions to numerous businesses.

Related Article: Philippines SEC Blocks Binance Following CEO's US Anti-Money Laundering Violations Guilty Plea