According to Reuters, Okta, an authentication business used by thousands of organizations around the world, is investigating news of a possible compromise.
The news comes as Lapsus$, a hacker group, has shared screenshots of Okta’s internal systems to its Telegram channel, including one that appears to show Okta’s Slack conversations and another with a Cloudflare interface.
What’s New?
Lapsus$ claims to have had access to Okta’s systems for two months on its Telegram channel, but says its emphasis is “just on Okta customers.”
According to the Wall Street Journal, Okta has over 15,000 customers worldwide, including businesses, government entities, and colleges, according to a recent filing.
On its website, it cites Peloton, Sonos, T-Mobile, and the FCC as customers.
What’s More?
Okta spokesperson Chris Hollis downplayed the event in a statement to The Verge, saying the company has discovered no indication of an ongoing attack.
Okta identified an attempt to hack the account of a third-party customer support engineer working for one of our sub processors in late January 2022.
The sub processor looked into the situation and was able to limit it.” Hollis explained. “We suspect the screenshots circulated on the internet are related to the January incident.”
Digging In More Details
“Based on our investigation to date,” Hollis stated, “there is no evidence of ongoing malicious activity beyond the activity found in January.”
However, Lapsus$ stated in their Telegram channel that it had access for a few months.
Lapsus$ is a hacker collective that has claimed responsibility for a slew of high-profile hacking incidents involving Nvidia, Samsung, Microsoft, and Ubisoft, taking hundreds of gigabytes of sensitive data in some cases.
