Okta, an authentication company used by thousands of organizations around the world, says it’s investigating news of a potential breach, Reuters reports.
The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.
Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems.
Writing in its Telegram channel, Lapsus$ claims to have had “Superuser/Admin” access to Okta’s systems for two months, but said its focus was “only on Okta customers.” The Wall Street Journal notes that in a recent filing Okta said it had over 15,000 customers around the world. It lists the likes of Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.” Hollis said. “We believe the screenshots shared online are connected to this January event.”
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Hollis continued. However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months.
LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof.
— vx-underground (@vxunderground) March 22, 2022
The photos we are sharing has been edited so no sensitive information or user identities are displayed.
Image 1 - 4 attached below. pic.twitter.com/nR8V56dLu2
Lapsus$ is a hacking group that’s claimed responsibility for a number of high-profile incidents affecting Nvidia, Samsung, Microsoft, and Ubisoft, in some cases stealing hundreds of gigabytes of confidential data.
Latest Stories
-
ECOWAS Court orders compensation for violations against New Force’s Shalimar Abbiusi
4 mins -
Dreams FC denies allegations of attempting to sign Najeeb Yakubu
1 hour -
Election 2024: ‘Right to free and fair elections non-negotiable’ – Akufo-Addo
1 hour -
Kurt Okraku took out my passport from the U23 squad that travelled to Japan – Najeeb Yakubu alleges
1 hour -
Where hope fails: Ghana’s decaying home for the destitute
2 hours -
NDC Mining Committee for 2024 campaign refutes allegations of recruiting thugs for elections
2 hours -
Traction Control: A lifesaver with an off switch? Here’s why it exists
2 hours -
I don’t need anyman to woo me with money – Miss Malaika 2024 winner refutes pimping claims
2 hours -
”Kurt Okraku sabotaged my national team career because I refused to sign with Dreams FC” – Najeeb Yakubu
2 hours -
Businesses urged to leverage Generative AI for enhanced customer engagement
2 hours -
MultiChoice Ghana partners with Ghana Hotels Association to elevate guest entertainment
2 hours -
Bawumia’s music streaming app or Mahama’s pay-per-view TV channel?
2 hours -
Karpowership Ghana empowers 40 Takoradi Technical University students with scholarship
2 hours -
We expect significant reduction in prices of petroleum products in coming weeks – CEO AOMC
2 hours -
Betway Africa offers once-in-a-lifetime ‘Play-on-the-Pitch’ experience at Emirates Stadium
3 hours