Saturday, September 23

Okta investigating claims of customer data breach from Lapsus$ group


Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach.

On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be Okta’s customer data.

As publicly-traded company worth over $6 billion, Okta employees over 5,000 people across the world and provides software services to major organizations including Siemens, ITV, Pret a Manger, Starling Bank, among others.

Lapsus$ claims to have Okta customer data

Data extortion group Lapsus$ claims to have acquired “superuser/admin” access to and that it accessed Okta’s customer data, as seen by BleepingComputer:

Lapsus claims to have breached Okta
Lapsus$ claims to have obtained Okta customer data (BleepingComputer)

“Okta is aware of the reports and is currently investigating,” an Okta spokesperson told BleepingComputer.

“We will provide updates as more information becomes available.”

Screenshots shared by Lapsus$, as seen by BleepingComputer, show the system date set to January 21st, 2022, indicating the hack may have occurred months ago.

Okta co-founder and CEO Todd McKinnon has now confirmed this:

“We believe the screenshots shared online are connected to this January event,” says McKinnon.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

The development follows Lapsus$’ this week’s claim that it breached Microsoft’s internal Azure DevOps server.

On Monday, Lapsus$ leaked what it claims to be 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects, and Microsoft confirmed it was investigating.

Also Read  More Fort Bragg paratroopers are being alerted to deploy to Europe

Additionally, the group claimed today that they have breached LG Electronics (LGE) for the “second time” in a year, although BleepingComputer has not confirmed this claim:

Lapsus claims to have breached LG Electronics
Lapsus$ says it also breached LG Electronics (BleepingComputer)

Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies such as Samsung, NVIDIA, and Mercado Libre who confirmed this month it had suffered a breach.

Data extortion groups like Lapsus$ breach victims, but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met.

If Lapsus$’s claims of breaching Okta’s systems turn out to be accurate, it remains yet to be found out how many of Okta’s customers were impacted and to what extent.

Update March 22nd, 5:24 AM ET: Added new statement from Okta CEO McKinnon.

Leave a Reply

Your email address will not be published. Required fields are marked *