Okta Says Hackers Stole Data for All Customer Support Users

Graham Starr, Bloomberg News

The Okta Inc. logo on a smartphone arranged in Dobbs Ferry, New York, U.S., on Sunday, Feb. 28, 2021. Okta Inc. is scheduled to release earnings figures on March 3. Photographer: Tiffany Hagler-Geard/Bloomberg , Bloomberg

(Bloomberg) -- Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.

The company, which manages user authentication services for thousands of institutions, notified customers in a letter Tuesday that it has now determined the hackers downloaded a report containing data including names and email addresses for all clients in its customer support system. As a result, Okta warned customers may face an increased risk of attacks and urged them to use strong multifactor authentication.

Shares plunged as much as 10% to $65 in premarket trading before the company reported earnings that beat estimates and erased some of those losses. The stock was down 2.8% to $70.56 as markets opened in New York.

Tuesday’s findings underscore how the San Francisco-based firm continues to grapple with the fallout of the cyberattack first disclosed last month, when it estimated that about 184 clients — representing roughly 1% of customers — were affected. It wasn’t the first time Okta had been breached: A hacking group broke into its system last year and posted screenshots that appeared to show access to Okta accounts. Chief Executive Officer Todd McKinnon vowed after that attack to work to restore trust in Okta’s brand.

Okta confirmed that it sent a notice to customers on Tuesday, warning them that they may face an increased risk of phishing and social engineering attacks. The company also said it pushed new security features and recommendations to defend against targeted attacks.

“We are working with a digital forensics firm to support our investigation and we will be sharing the report with customers upon completion,” Okta said in a statement.

Read More: Okta Falls on News That Hackers Viewed Some Customer Files

Okta said in the customer notice that a recent audit found more data was stolen than the company had initially thought, prompting the firm to revise its findings. It also discovered that some Okta employee information was included in stolen reports, according to the customer notice reviewed by Bloomberg.

The customer report contained fields for customer user names, company names and mobile phone numbers, Okta said, while noting that the majority of the fields were blank and didn’t include credentials or sensitive personal data. For more than 99% of customers listed in the report, Okta said, contact information consisted of full names and email addresses.

Many of the affected users of the customer support system are Okta administrators, according to the company’s notice.

In reporting financial results, the company forecast adjusted earnings of 50 cents to 51 cents a share for the fourth quarter, beating the 36-cent average of Wall Street estimates.

(Updates share price in third paragraph)