San Francisco-based identity authentication service provider Okta is investigating a digital breach after cybercriminals posted screenshots of its internal systems online.
Cybercriminal group Lapsus$ claims to have breached Okta’s systems and allegedly has the ability to reset employee passwords, as well as access to the company’s Jira and Slack accounts.
Update [22/03/2022]: Okta confirmed the breach on Tuesday and says that a laptop belonging to one of its third-party contractors was hacked for five days in January (16-21), which may have affected about 366 (or 2.5%) of its thousands of customers. These customers will be contacted directly by Okta via email.
“The Okta service is fully operational, and there are no corrective actions our customers need to take. If you are an Okta customer and were impacted, we have already reached out directly by email,” said David Bradbury, Chief Security Officer, Okta.
Okta is aware of the breach and is currently investigating it, as reported by Reuters.
According to security researcher Bill Demirkapi, the ransomware group could’ve had access to these system files for over two months, as some screenshots of the breach show the date January 21, 2022.
According to Okta’s website, over 15,000 customers use its services, including customer and workforce identification and verification. Several big names, including T-Mobile, Siemens, Nasdaq, Major League Baseball and Hitachi, could potentially be affected by the breach, as they leverage Okta’s authentication and management products to streamline their workflows.
For a company that prides itself on secure identity authentication, a breach of the alleged scale doesn’t instil confidence in the cybersecurity measures it has in place.