Okta (opens in new tab) has confirmed it suffered a data breach on one of its related endpoints (opens in new tab), and said a small percentage of its customers have been affected.
In a comapny blog post (opens in new tab), Okta Chief Security Officer David Bradbury said a more thorough investigation had found roughly 2.5% of its customers had been impacted by the breach, and their data potentially viewed or acted upon.
Okta is thought to have around 15,000 customers worldwide, meaning hundreds of organizations could have been affected.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Lapsus$ strikes again
Bradbury noted that the company had alerted any impacted users, saying “if you are an Okta customer and were impacted, we have already reached out directly by email.”
The company’s service remains “fully operational”, the CSO reiterated, adding that its customers need to take no corrective actions.
News of the breach, suspected to have occured in January 2022 by threat actors in the Lapsus$ group, broke earlier this week. The hacker group posted screenshots on its Telegram channel, claiming they depict Okta’s internal company environment, including internal tickets and in-house Slack chats.
A live webinar is also planned for today, where Bradbury will share more technical details. The webinar is scheduled for 8 am PDT, and 4 pm PDT. Those interested can register for the event on this link (opens in new tab).
> Okta reportedly hit in serious breach - Lapsus$ strikes again? (opens in new tab)
> Microsoft may be the latest victim of Lapsus$ (opens in new tab)
> Ubisoft fans need to change their passwords now (opens in new tab)
Okta CEO Todd McKinnon has since said that the incident was not related to a new hack, but an earlier issue.
"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor," he tweeted.
"We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January." Some have now questioned if this timing means Lapsus$ may in fact have had access to Okta's systems since January 2022.
Besides sharing the screenshots, the threat actor claimed to be focused “ONLY on Okta customers”.
- Check out our list of the best firewalls (opens in new tab) right now