Okta, whose authentication services are used by companies including FedEx and Moody’s to provide access to their networks, said on Tuesday that it had been hit by hackers and that some customers may have been affected.
The scope of the breach is still unclear, but it could have major consequences because thousands of companies rely on San Francisco-based Okta to manage access to their networks and applications.
Chief Security Officer David Bradbury said in a blog post that the computer of a customer support engineer working for a third-party contractor was accessed by the hackers for a five-day period in mid-January and that “the potential impact to Okta customers is limited to the access that support engineers have.”
“There are no corrective actions that need to be taken by our customers,” he said.
Nevertheless, Bradbury acknowledged that support engineers were able to help reset passwords and that some customers “may have been impacted.” He said the company was in the process of identifying and contacting them.
The nature of that impact wasn’t clear, and Okta did not immediately respond to an email asking how many organizations were potentially affected or how that squared with Okta’s advice that customers did not need to take corrective action.
On its website, Okta describes itself as the “identity provider for the internet” and says it has more than 15,000 customers on its platform.
It competes with the likes of Microsoft, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multifactor authentication used to help users securely access online applications and websites.