In a letter to customers that received on Tuesday, Okta claimed that hackers who broke into the cybersecurity company’s customer support system obtained data from all of the company’s customer assistance users. This is a significantly more extensive breach than the company had previously anticipated.
Okta Says Hackers Stole Data For All Customer Support Users
During the pre-market trading session on Wednesday morning, the announcement caused shares to drop by as much as seven percent; however, the company recovered after Okta reported results that were higher than market expectations.
When the company first announced the broader breach in a blog post that was submitted to the SEC, it was initially anticipated that it would report earnings after the bell. However, the company decided to move its report forward to the morning, shortly after the disclosure.
The adjusted earnings per share that the company posted were 44 cents, which was more than the 30 cents that analysts polled by LSEG, which was formerly known as Refinitiv, were anticipating. The revenue for the third quarter came in at $584 million, which was higher than the estimate of $563 million that was generally accepted.
Okta issued a warning that as a result of the expanded scope, consumers are more likely to be the target of increased assaults or phishing attempts. It was revealed by a spokeswoman for Okta that clients who work in locations associated with the government or the Department of Defence were not affected by the hack.
According to what Okta stated in the letter, there is no “direct evidence” that the hackers who have not been identified are utilising the data that they extracted to attack businesses. In the letter, it is mentioned that 99.6% of those clients had their entire names and email addresses exposed.
In order to provide assistance with our investigation, we are collaborating with a digital forensics company, and after the investigation is finished, we will distribute the report to our customers. A spokeswoman told CNBC that “in addition, we will also notify individuals who have had their information downloaded.”
Okta, on the other hand, offers identity management solutions to thousands of small and large enterprises, enabling these companies to provide their employees with a single point of sign-on. Additionally, this makes Okta a prominent target for cybercriminals, who can take advantage of flaws or misconfigurations in order to get access to a wide variety of additional targets.
In the high-profile attacks that were carried out against MGM and Caesars, for instance, threat actors utilised social engineering strategies in order to take advantage of IT support desks and target the Okta platforms of those companies. Each of those two episodes resulted in direct and indirect damages that exceeded one hundred million dollars, including a ransom payment from Caesars that was in the multi-million dollar range.
The initial disclosure made by Okta was that its customer assistance system had been compromised; nevertheless, the company stated at the time that approximately 130 customers had been affected by the attack. The announcement caused the share price of the company to drop by more than 11%, which ultimately resulted in a loss of about $2 billion in market capitalization.