Okta, an authentication company used by thousands of organizations around the world, says it is investigating news of a possible breach, Reuters reports. The revelation comes as hacking group Lapsus$ posted screenshots to its Telegram channel that it claims are from Okta’s internal systems, including one that appears to show Okta’s Slack channels and another showing a Cloudflare interface.
Any hack of Okta could have major implications for the businesses, universities and government agencies that depend on Okta to authenticate user access to internal systems.
Writing in its Telegram channel, Lapsus$ claims to have had access to Okta’s systems for two months, but said the focus was “only on Okta customers.” The Wall Street Journal notes that Okta said in a recent filing that it had more than 15,000 customers around the world. It lists Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
In a statement sent to The Verge, Okta spokesman Chris Hollis downplayed the incident, saying Okta has found no evidence of an ongoing attack. “In late January 2022, Okta discovered an attempt to compromise the account of a third-party customer service representative who worked for one of our subprocessors. The matter has been investigated and is being considered by the sub-processor,” said Hollis. “We believe the screenshots shared online are related to this January event.”
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Hollis continued. However, writing in its Telegram channel, Lapsus$ suggested that it had access for a few months.
This is our 3rd attempt to share the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so that we ended up missing a few to censor.
Photos 5 – 8 are attached below. pic.twitter.com/KGlI3TlCqT
— vx-underground (@vxunderground) March 22, 2022
Lapsus$ is a hacking group that has claimed responsibility for a number of high-profile incidents that hit Nvidia, Samsung, Microsoft, and Ubisoft, in some cases stealing hundreds of gigabytes of confidential data.