A potential breach could have major consequences for Okta’s customers. However, Okta has denied any ongoing malicious campaigns against the company.
Details of Okta’s Alleged Data Breach
Earlier today, the Lapsus$ ransomware gang posted screenshots of what it claims is Okta customer data on its Telegram channel. Taking a swipe at Okta, the group said: “For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor.” The group says it gained “superuser/admin” level access to okta.com, from where it exfiltrated customer data. Lapsus$ added that it did not steal or access databases from Okta, but that Okta’s customers were its targets. Furthermore, the shared screenshots show the system data as of Jan. 21 — which could mean that the breach took place a few months ago.
Okta Says Screenshots are from an Earlier Incident
An Okta spokesperson confirmed that the company is aware of the Lapsus$ group’s claims and is investigating the matter. The company said it will provide public updates as more details come to light. However, the company believes the shared data is from an incident dating back to January 2022. Okta CEO Todd McKinnon confirmed the same on Twitter. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor,” McKinnon said. “We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” he added.
Lapsus$ Ransomware Group Continues to Strike
The Lapsus$ group has been extremely active this year, going after some of the biggest corporations in the tech world. This includes Nvidia, Samsung, and Impresa. Earlier this week the group claimed it breached Microsoft and released 37 GB of the company’s source code. Typically, after gaining access to a victim’s network, Lapsus$ steals and holds on to data such as source code, customer lists, and databases. Following this, it threatens to release this proprietary information unless the victim pays a ransom. Many details regarding the alleged Okta data breach remain unclear. Furthermore, very little is known about the extent of the attack and the number of impacted customers. Okta offers its services to various companies, universities, and government agencies around the world.