Okta, an identity-management software company, revealed a more extensive security breach than initially disclosed, according to a blog post by the company's chief security officer, David Bradbury, on Wednesday. Bradbury mentioned that hackers had accessed information on all users of Okta's customer support system, in contrast to the previous claim that less than 1% of users were affected.
As Bradbury highlighted, the company's initial investigation failed to detect hacker activity that revealed the compromise of all certified users during the attack. Despite having no direct knowledge of active exploitation, Bradbury acknowledged the potential risk that the threat actor could use this data to target Okta customers through phishing or social engineering attacks.
The recent developments followed security breaches at major casino firms Caesars Entertainment and MGM Resorts, where hackers manipulated employees into resetting multifactor login requirements for Okta administrator accounts.
Okta is utilized by prominent corporations like FedEx, Hewlett Packard, T-Mobile, and Paramount, the owner of CBS News, to fortify access to their computer systems. As of March, Okta reported serving approximately 17,000 customers and managing roughly 50 billion users.
In the wake of this news, Okta's shares fell 2.5% to $70.77 on Wednesday. The cost of data breaches in the United States surged to nearly $4.5 million this year, a more than 15% increase from $3.9 million in 2020, as reported by IBM.
In recent years, cybersecurity threats such as ransomware attacks have risen significantly, especially against companies that use internet cloud services for data storage.