Okta confirms hundreds of customers could be affected by data breach

Data Breach
(Image credit: Shutterstock)

Okta has confirmed it suffered a data breach on one of its related endpoints, and said a small percentage of its customers have been affected.

In a comapny blog post, Okta Chief Security Officer David Bradbury said a more thorough investigation had found roughly 2.5% of its customers had been impacted by the breach, and their data potentially viewed or acted upon.

Okta is thought to have around 15,000 customers worldwide, meaning hundreds of organizations could have been affected.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Lapsus$ strikes again

Bradbury noted that the company had alerted any impacted users, saying “if you are an Okta customer and were impacted, we have already reached out directly by email.”

The company’s service remains “fully operational”, the CSO reiterated, adding that its customers need to take no corrective actions. 

News of the breach, suspected to have occured in January 2022 by threat actors in the Lapsus$ group, broke earlier this week. The hacker group posted screenshots on its Telegram channel, claiming they depict Okta’s internal company environment, including internal tickets and in-house Slack chats. 

A live webinar is also planned for today, where Bradbury will share more technical details. The webinar is scheduled for 8 am PDT, and 4 pm PDT. Those interested can register for the event on this link.

Okta CEO Todd McKinnon has since said that the incident was not related to a new hack, but an earlier issue.

"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor," he tweeted.

"We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January." Some have now questioned if this timing means Lapsus$ may in fact have had access to Okta's systems since January 2022.

Besides sharing the screenshots, the threat actor claimed to be focused “ONLY on Okta customers”. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.