SAN FRANCISCO – Okta has discovered that hackers who breached its network two months ago stole information on all users of its customer support system – a scope far greater than the 1 per cent of customers the company had previously said were affected.
The company, which manages user authentication services for thousands of institutions, notified customers in a letter on Nov 28 that it has now determined the hackers downloaded a report containing data including names and e-mail addresses for all clients in its customer support system.
As a result, Okta warned that customers may face an increased risk of attacks and urged them to use strong multi-factor authentication.
Shares plunged as much as 10 per cent to US$65 in pre-market trading before the company reported earnings that beat estimates and erased some of those losses. The stock was down 2.8 per cent to US$70.56 as markets opened in New York.
The findings on Nov 28 underscore how the San Francisco-based firm continues to grapple with the fallout of the cyber attack first disclosed in October, when it estimated that about 184 clients – representing roughly 1 per cent of customers – were affected.
It was not the first time Okta had been breached. A hacking group broke into its system in 2022 and posted screenshots that appeared to show access to Okta accounts.
Chief executive Todd McKinnon vowed after that attack to work to restore trust in Okta’s brand.
Okta confirmed that it sent a notice to customers on Nov 28, warning them that they may face an increased risk of phishing and social engineering attacks. The company also said it pushed new security features and recommendations to defend against targeted attacks.
“We are working with a digital forensics firm to support our investigation, and we will be sharing the report with customers upon completion,” Okta said in a statement.
Okta said in the customer notice that a recent audit found more data was stolen than the company had initially thought, prompting the firm to revise its findings.
It also discovered that some Okta employee information was included in stolen reports, according to the customer notice reviewed by Bloomberg.
The customer report contained fields for customer usernames, company names and mobile phone numbers, Okta said, while noting that the majority of the fields were blank and did not include credentials or sensitive personal data.
For more than 99 per cent of customers listed in the report, Okta said, contact information consisted of full names and e-mail addresses.
Many of the affected users of the customer support system are Okta administrators, according to the company’s notice.
In reporting financial results, the company forecast adjusted earnings of 50 US cents to 51 US cents a share for the fourth quarter, beating the 36 US cent average of Wall Street estimates. BLOOMBERG