Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach.
On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be Okta’s customer data.
As publicly-traded company worth over $6 billion, Okta employees over 5,000 people across the world and provides software services to major organizations including Siemens, ITV, Pret a Manger, Starling Bank, among others.
Lapsus$ claims to have Okta customer data
Data extortion group Lapsus$ claims to have acquired “superuser/admin” access to Okta.com and that it accessed Okta’s customer data, as seen by BleepingComputer:
“Okta is aware of the reports and is currently investigating,” an Okta spokesperson told BleepingComputer.
“We will provide updates as more information becomes available.”
Screenshots shared by Lapsus$, as seen by BleepingComputer, show the system date set to January 21st, 2022, indicating the hack may have occurred months ago.
Okta co-founder and CEO Todd McKinnon has now confirmed this:
In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)
— Todd McKinnon (@toddmckinnon) March 22, 2022
“We believe the screenshots shared online are connected to this January event,” says McKinnon.
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
The development follows Lapsus$’ this week’s claim that it breached Microsoft’s internal Azure DevOps server.
On Monday, Lapsus$ leaked what it claims to be 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects, and Microsoft confirmed it was investigating.
Additionally, the group claimed today that they have breached LG Electronics (LGE) for the “second time” in a year, although BleepingComputer has not confirmed this claim:
Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies such as Samsung, NVIDIA, and Mercado Libre who confirmed this month it had suffered a breach.
Data extortion groups like Lapsus$ breach victims, but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met.
If Lapsus$’s claims of breaching Okta’s systems turn out to be accurate, it remains yet to be found out how many of Okta’s customers were impacted and to what extent.
Update March 22nd, 5:24 AM ET: Added new statement from Okta CEO McKinnon.
George is Digismak’s reported cum editor with 13 years of experience in Journalism