Okta's October breach has taken a significant turn for the worse, with the company revealing that every single customer who had opened a Support ticket in the Okta Help Center was impacted by the breach, rather than just less than 1% of customers as initially stated. The breach occurred when a hacker gained access to an employee's personal Google account, which had stored credentials for a service account used by Okta. The hacker then accessed customer support cases and downloaded associated HAR files, which contained session tokens that were not scrubbed from the files. Okta has acknowledged that its initial response to the breach was slow and lacking in detail, and that it failed to reveal the malicious use of the service account in its October 20th announcement. The company's CISO has stated that the hacker used a standard template available from the dashboard to gather customer data, removing filters on the report to grab more data than intended. Okta is now advising customers to follow best practices and be vigilant for phishing attempts, with CEO Todd McKinnon stating that no new features will be launched for 90 days during this "hyper-focused phase".