Companies Unite Against Cyberattacks 1:00

(CNN) -- A cyberattack on popular identity management company Okta in September turned out to be far more extensive than previously believed, as hackers stole data from all users in the firm's customer service system, the company revealed Wednesday.

Okta's statement Wednesday stands in stark contrast to what it said earlier this month when it said it had determined, after an investigation, that the incident affected less than 1% of the more than 18,000 customers worldwide who use the company's tools to log into its networks.

  • Okta Admits Hundreds of Customers Could Be Affected by Cybersecurity Incident

San Francisco-based Okta said it has "no direct knowledge or evidence" that hackers are actively exploiting the information stolen in the latest hack. But chief security officer David Bradbury admitted in a blog post that the information could be used "to target Okta customers through phishing or social engineering attacks."

It's unclear who was behind the attack. An Okta spokesperson told CNN that the company does not plan to publicly hold a specific hacker group responsible for the incident, which was revealed in October.

According to Okta, the vast majority of the stolen information included customer names and email addresses.


This is the latest blow to a key cybersecurity provider that government agencies and corporations rely on as they try to keep hackers and spies out of their networks. Last January, a prolific group of young cybercriminals hacked Okta through one of the company's vendors in a different security incident that was much smaller in scope and potentially affected as many as 366 customers, according to Okta.

Okta's stock plunged Wednesday morning amid news of the latest cybersecurity incident, but has since recovered somewhat.