Skip to content

Okta’s systems allegedly breached by Lapsus$ ransomware group

San Francisco-based identity authentication service provider, Okta, is investigating a digital breach after cybercriminals posted screenshots of their internal systems online.

Cybercriminal group Lapsus$ claims to have breached Okta’s systems and allegedly have the ability to reset employee passwords as well as access to the company’s Jira and Slack accounts.

Update [22/03/2022]: Okta confirmed the breach on Tuesday and says that one of its third-party contractor’s laptop was hacked for five days in January (16-21), which may have affected about 366 (or 2.5%) of their thousands of customers. These customers will be contacted directly by Okta via email.

“The Okta service is fully operational, and there are no corrective actions our customers need to take. If you are an Okta customer and were impacted, we have already reached out directly by email,” said David Bradbury, Chief Security Officer, Okta.

Okta is aware and currently investigating the breach, as reported by Reuters.

According to security researcher Bill Demirkapi, the ransomware group could’ve had access to these system files for over two months, as some screenshots of the breach show the date January 21, 2022.

According to Okta’s website, over 15000 customers use their services, including customer and workforce identification and verification. Several big names, including T-Mobile, Siemens, Nasdaq, Major League Baseball and Hitachi, can be potentially affected by the breach as they leverage Okta’s authentication and management products to streamline their workflows.

Okta internal system creenshot shared by Lapsus$ on their Telegram

For a company that prides itself on secure identity authentication, a breach of the alleged scale doesn’t instil confidence in the cybersecurity measures they’ve got in place.

In the News: Chinese hotels being targeted by suspected DarkHotel APT

Hello There!

If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.

We may earn a commission if you buy something from a link on this page. Thanks for your support.







>