In a recent update to its clientele, Okta, a prominent cyber security software developer, revealed that the October data breach was more extensive than initially presumed.
In a letter addressed to customers, Okta disclosed that hackers accessed data from all clients who utilized its customer support system, impacting its vast network of 17,000 clients. The breach, involving the extraction of a report containing names and email addresses of customer support clients, triggered an 11% nosedive in Okta’s shares, leading to a staggering $2 billion loss in market capitalization.
Okta, headquartered in San Francisco, is actively investigating the breach’s magnitude while ensuring transparent communication with affected customers. A spokesperson affirmed ongoing collaboration with a digital forensics firm to ascertain the full extent of the intrusion. The company vowed to furnish customers with investigation reports and notify individuals whose information was compromised.
Clarifying the scope of impact, the spokesperson assured that individuals associated with Government or Department of Defense environments remained unaffected.
The cyber intrusion reportedly exploited HTTP Archive files utilized by Okta support teams to diagnose technical issues by simulating customer browser activities. Although the company confirmed potential exposure of sensitive data such as cookies and session tokens, there is no evidence of active exploitation.
The breach compounds the list of cyber security attacks in 2023, raising concerns about Okta’s cloud-based software, extensively used by companies like Microsoft and Mitsubishi for unified employee sign-on. This exposure heightens the risk of cyber threats, potentially infiltrating software supply chains and client networks.
