Okta, an authentication company used by thousands of organizations around the world, confirmed that an attacker gained access to one of its employees’ laptops for five days in January 2022 – but claims that its service “has not been hacked and is still fully functional”.
The revelation comes as hacking group Lapsus$ has published screenshots on its Telegram channel claiming to be from Okta’s internal systems, including one that appears to show Okta Slack channels, and one with a Cloudflare interface.
Any hack of Okta could have major repercussions for businesses, universities, and government agencies that rely on Okta to authenticate user access to internal systems.
But in a statement Tuesday afternoon, Okta now says the attacker only had limited access during that five-day period, limited enough that the company claims there are “no corrective actions our customers should take.”
Here is what David Bradbury, Okta’s chief security officer, says is at risk when a support engineer is compromised:
The potential impact on Okta’s customers is limited to the reach of the support engineers. These engineers are unable to create or delete users, or download customer databases. Support engineers have access to limited information – for example, Jira tickets and user lists – seen in the screenshots. Support engineers are also able to facilitate password resets and MFA factors for users, but they are unable to get these passwords.
Hacking group Lapsus$, writing on its Telegram channel, claims to have had “user/administrator” access to Okta’s systems for two months, not just five days, and to have had access to a thin client instead of a laptop, and claims to have found that Okta stores AWS keys in Slack channels. The group also indicated that it was using its access to zero in on Okta’s customers.
The Wall Street Journal notes that in a recent filing, Okta said it has more than 15,000 customers worldwide. It lists the likes of Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
In a previous statement sent to The Verge, Okta spokesperson Chris Hollis said the company has found no evidence of an ongoing attack. “In late January 2022, Okta discovered an attempt to hack into the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor,” Hollis said. “We believe the screenshots shared online are related to this January event.”
“Based on our investigation to date, there is no evidence of ongoing malicious activity other than the activity detected in January,” Hollis continued. But again, writing in its Telegram channel, Lapsus$ suggested that it had access for a few months.
This is our third attempt at sharing pictures five to eight. LAPSUS$ displayed a lot of sensitive data and/or user information, so we ended up missing some of it when censoring.
Pictures five to eight are attached below. pic.twitter.com/KGlI3TlCqT
– vx-underground (@vxunderground) March 22, 2022
Lapsus$ is a hacking group that has claimed responsibility for a number of notable incidents that affected Nvidia, Samsung, Microsoft, and Ubisoft, in some cases stealing hundreds of gigabytes of confidential data.
Okta says it ended the support engineer’s Okta sessions and suspended the account back in January, but claims that it only received the final report from its forensic firm this week.
Update, 2:38 p.m. ET:
Added Okta’s statement and its claims that the breach was very limited, with no corrective actions to be taken.
Update, 2:58 p.m. ET:
Added the Lapsus$ hacker group’s claims that it had access to a thin client instead of a laptop, and that it found Okta storing AWS keys in Slack channels.