Businesses brace for impact after hackers claim Okta has been hacked
UPDATE: Okta has published an updated statement which tries to downplay the potential hack even as the company continues to investigate the incident.
“The Okta service has not been breached and remains fully operational. There are no corrective actions to be taken by our customers,” the company wrote.
The statement goes on to say that Okta discovered a “failed attempt” in January to compromise a customer support engineer who worked for a third-party vendor. “As part of our normal procedures, we notified the provider of the situation, while also terminating the user’s active Okta sessions and suspending the individual’s account,” Okta said.
Curiously, the same statement says the hackers had a “five-day time window” between January 16 and 21 to gain access to the support engineer’s laptop. However, Okta claims that the support engineer still did not have direct access to customer systems.
“These engineers are not able to create or delete users, or download customer databases. Support engineers have access to limited data – such as Jira tickets and user lists – which was seen in the screenshots (leaked by LAPSUS$),” the company added. “Support engineers are also able to facilitate password resets and MFA factors for users but is unable to obtain these passwords.”
Okta markets itself as the “World’s #1 Identity Platform,” but today the company is investigating a digital breach that could affect thousands of companies.
As Reuters reports, hackers from the LAPSUS$ group posted screenshots of the company’s internal environment, suggesting they gained access to it. Since Okta manages secure user authentication for more than 15,000 global brands around the world, such a breach is a nightmare scenario for both Okta and all the companies it counts as customers.
Chris Hollis, Senior Manager, Security and Crisis Communications at Okta, confirmed that the investigation is ongoing, but also pointed out that this may be related to an incident the company was able to cover earlier this year. Back in January, there was an attempt to compromise the account of a third-party customer support technician. Hollis explained:
“We believe the screenshots shared online are related to this January incident. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity discovered in January.”
The hacking group LAPSUS$ is causing serious headaches for a number of large organizations. They have successfully infiltrated Nvidia, Samsung and potentially Microsoft as well. Now, however, Okta appears to be their main focus because of the treasure trove of company information it has access to. A post on the LAPSUS$ Telegram channel late yesterday stated that the group is focusing its efforts on Okta customers.
We are now awaiting the conclusion of Okta’s investigation and will update our coverage if and when the severity of this breach is confirmed.