In this photo illustration, an Okta logo is displayed on a smartphone.
Rafael Henrique | SOPA Images | LightRocket | Getty Images
Hackers who compromised Okta’s customer support system stole data from the entire cybersecurity firm’s customer support users, Okta said in a letter to clients Tuesday, a far greater incursion than the corporate initially believed.
The expanded scope opens those customers as much as the danger of heightened attacks or phishing attempts, Okta warned. An Okta spokesperson told CNBC that customers in government or Department of Defense environments weren’t impacted by the breach.
“We are working with a digital forensics firm to support our investigation and we can be sharing the report with customers upon completion. In addition, we will even notify individuals which have had their information downloaded,” a spokesperson said in an announcement to CNBC.
Nonetheless, Okta provides identity management solutions for 1000’s of small and huge businesses, allowing them to present employees a single point of sign on. It also makes Okta a high-profile goal for hackers, who can exploit vulnerabilities or misconfigurations to realize access to a slew of other targets.
In the high profile attacks on MGM and Caesars, for instance, threat actors used social engineering tactics to take advantage of IT help desks and goal those company’s Okta platforms. The direct and indirect losses from those two incidents exceeded $100 million, including a multi-million dollar ransom payment from Caesars.
Bloomberg first reported on the letter to Okta customers.
Okta first disclosed earlier this month that its customer support system had been hacked but said on the time that around 130 customers were impacted by the breach. The news sent the corporate’s share price down greater than 11% and ultimately worn out around $2 billion in market cap.
Okta is slated to report its fiscal third-quarter earnings after the bell Wednesday.