Okta admits hackers accessed the data of all customers during the October breach

The U.S.-based identity management leader Okta has admitted that the October breach of their support systems has exposed data related to all of its customers. This is a massive change in scope of the incident from its initial claim that only 134 customers were impacted, representing roughly 1% of its customer base, were impacted.

Okta's Chief Security Officer, David Bradbury, revealed that a more comprehensive assessment showed all customers were impacted to some extent.

While the majority, about 99.6%, had only their full names and email addresses accessed, a smaller number also had phone numbers, usernames, and specific employee role details compromised. Okta, with approximately 18,000 customers including major companies like 1Password, Cloudflare, OpenAI, and T-Mobile, is now alerting customers to the heightened risk of phishing and social engineering attacks, especially in light of past activities by the Scattered Spider hacking group.

Okta is urging its customers to adopt multi-factor authentication and phishing-resistant authenticators, such as physical security keys, to enhance security. Their follow-up investigation also revealed that the breach exposed contact information of all Okta-certified users and some contacts of Okta Customer Identity Cloud (CIC) customers, along with some employee data, though the extent of employee data breach is yet to be confirmed.

The identity of the perpetrators behind this incident remains unknown.