Security Breach at Okta

A security breach of identity-management software company Okta was more extensive than first thought.

More than five weeks after Okta first told customers of the September breach, the company's chief security officer, David Bradbury, wrote in a blog post Wednesday that hackers had stolen information on all users of its customer support system.

The admission is a far cry from the company's prior contention that the incident had impacted less than 1% of users.

Okta's initial investigation overlooked actions signaling all of the company's certified users were impacted during the attack, Bradbury noted.

"While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks," Bradbury wrote.

The developments came after casino giants Caesar's Entertainment and MGM Resorts were breached, with hackers succeeding to social engineer workers into resetting the multifactor login requirements for Okta administrator accounts.

Some of the world's biggest companies — FedEx, Hewlett Packard and T-Mobile among them — use Okta to secure access to their computer systems (Paramount, which owns CBS News, is also an Okta customer).

Okta has approximately 17,000 customers and manages around 50 billion users, as stated in March.

Shares of Okta decreased by 2.5% to $70.77 on Wednesday.

The average cost of a data breach in the United States reached nearly $4.5 million this year, marking a growth of over 15% from $3.9 million in 2020, according to IBM.

Ransomware attacks and other forms of cybercrime have significantly increased in recent years, primarily targeting companies that utilize internet cloud services for data storage.