Okta revealed that the recent breach on its customer support system affected all of the cybersecurity firm’s customer support users, a more extensive compromise than initially reported. The heightened scope of the incursion raises the risk of increased attacks or phishing attempts for the impacted customers. However, Okta clarified that customers in government or Department of Defense environments were not affected by the breach. The company is collaborating with a digital forensics firm to investigate the incident, and the findings will be shared with customers upon completion. Individuals whose information was downloaded will also be notified.
Okta provides identity management solutions to numerous small and large businesses, offering a single sign-on point for employees. This makes the company an attractive target for hackers seeking to exploit vulnerabilities and gain access to multiple targets. Previous high-profile attacks on MGM and Caesars involved threat actors using social engineering tactics to exploit IT help desks and target Okta platforms, resulting in significant direct and indirect losses exceeding $100 million.
Earlier this month, Okta initially disclosed the breach, stating that approximately 130 customers were affected. The revelation led to a more than 11% drop in Okta’s share price, wiping out around $2 billion in market cap. Okta is scheduled to report its fiscal third-quarter earnings after the bell on Wednesday. The expanded impact of the breach underscores the challenges companies face in securing customer support systems and the potential ripple effects on businesses relying on identity management solutions.