Authentication firm Okta disclosed that it had been targeted by hackers and that some customers may have been affected.
Okta Inc., whose authentication services are used by organisations such as FedEx Corp and Moody’s Corp to grant access to their networks, announced on Tuesday that it had been hacked and that some customers may have been affected.
The scope of the breach is still unknown, but it might have enormous ramifications because Okta, based in San Francisco, manages access to thousands of firms’ networks and applications.
In a blog post, Chief Security Officer (CSO) David Bradbury stated that a customer support engineer working for a third-party contractor had his computer hacked for five days in mid-January and that “the potential impact to Okta customers is limited to the access that support engineers have.”
He said, “There are no corrective actions that need to be taken by our customers.”
Despite this, Bradbury admitted that support engineers were able to assist clients in resetting passwords and that some customers “may have been impacted.” He stated that Okta was attempting to identify the issue and contact the customers.
The nature of the impact from the cyberattack was unclear, and Okta did not make clear how many organizations could be affected or how that squared with its advice that customers did not need to take corrective action.
In late afternoon trading, Okta’s shares were down 1.3 percent at $167.14, off earlier lows.
Okta describes itself as an “identity provider for the internet” and claims to have over 15,000 customers on its platform, according to its website.
Okta competes with Microsoft Corp., PingID, Duo, SecureAuth, and IBM in the provision of identity services such as single sign-on and multifactor authentication, which are used to allow users to securely access online apps and websites.
Okta’s announcement comes after a group of ransom-seeking hackers known as Lapsus$ posted a series of screenshots of Okta’s internal communications on their Telegram channel late on Monday.
The group stated in an accompanying post that its focus was “ONLY on Okta consumers.”
Damage Control Exercise
In response to Okta’s statement on Tuesday, Lapsus$ stated that the firm was attempting to downplay the significance of the breach.
Okta’s answer also failed to impress some outside observers.
Bill Demirkapi, an independent security researcher, said, “In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements.”
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, earlier told Reuters that Okta customers should “be very vigilant right now.”
Customers of Okta were already taking steps to review their security settings.
Cloudflare, a web infrastructure firm, outlined its response to the Okta breach at https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise, adding that it did not believe it had been compromised as a result.
FedEx said in a statement that it was also looking into the matter and that “we currently have no indication that our environment has been accessed or compromised.”
Earlier Exploits
Lapsus$ is a newcomer to the crowded ransomware market, but it has already earned a name for itself through high-profile hacks and attention-seeking activities.
Earlier this year, the group hacked into the websites of Portuguese media conglomerate Impresa, tweeting the phrase “Lapsus$ is now the new president of Portugal” from one of the newspaper’s Twitter accounts. The hack was portrayed as an attack on press freedom by Impresa-owned media outlets.
The group leaked proprietary material about US chipmaker Nvidia Corp on the Internet last month.
More recently, the group claims to have leaked source code from a number of major IT companies, including Microsoft. In a blog post devoted to Lapsus$ and published on Tuesday (https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction), Microsoft revealed that one of its accounts had been compromised, with the intruders “gaining limited access.”