Identity-management firm Okta admitted that all its customer support-system users were impacted by a hack in September after earlier claiming that “less than 1 percent” were affected by the breach.
The threat actor of the Sept. 28 hacking attack downloaded a report containing the following information of “all Okta customer support system users”: full name, username, email, address, phone, mobile, last login, account created date, company name, address, user type, date of last password change, role: name, role: description, and time zone, the company said in a Nov. 29 post. For 99.6 percent of users, the only contact information recorded in the report was full name and address.