Okta probes possible data breach linked to Lapsus$ hacker group
Identity authentication firm Okta downplayed the extent of an apparent security breach on Tuesday after prominent hacker group Lapsus$ posted screenshots purportedly containing sensitive information from its internal systems.
A potential security breach at Okta could have major implications given the company’s roster of high-profile clients. Customers listed on its website include FedEx, JetBlue, Peloton, T-Mobile and the Federal Communications Commission.
Okta said its preliminary investigation found the screenshots were likely related to a January cybersecurity incident and were not thought to be a sign of an ongoing breach of its system.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor,” an Okta spokesperson said in a statement.
“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” the spokesperson added.
Okta shares were down more than 3% in midday trading.
Okta responded after Lapsus$ posted screenshots on the Telegram app they claimed to depict the company’s internal systems. One of the screenshots showed data related to web infrastructure firm Cloudflare.
In its posts, Lapsus$ said it did not steal data from Okta and was focusing on the company’s customers.
Cloudflare CEO Matthew Prince said the company’s team had investigated the matter and concluded its systems weren’t compromised.
“We use Okta internally for employee identity as part of our authentication stack,” Prince said in a blog post. “We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.”
Lapsus$ has drawn scrutiny in recent months after claiming responsibility for a series of high-profile incidents, including data breaches impacting Nvidia and Samsung.
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, told Reuters the breach appeared authentic and urged Okta customers to be “very vigilant right now.”