Identity giant Okta confirmed a cyber breach in January after hackers posted screenshots overnight showing access to the company’s internal systems.
Lapsus$ hacking team published some screenshots to their Telegram channel for the purpose of showing Okta internal apps on January 21st. Lapsus$ claims that they are not stealing data from Okta and Their aim is “only” to target Okta customers.
Okta is used by thousands of organizations and governments worldwide to ensure authentication and login security for corporate networks and internal systems.
In a short series of tweetsOkta CEO Todd McKinnon confirmed the January breach in a tweet on the night of March 22: “In late January 2022, Okta detected an attempt to compromise the account of a support engineer. third party customer support working for one of our subprocessors. The issue has been investigated and resolved by the sub-processor. “
“We believe the screenshots shared online are related to this January event. Based on our investigation to date, there is no evidence of malicious activity taking place other than that detected in January.”
Okta’s McKinnon did not name the subprocessor. Okta has yet to respond to TechCrunch’s questions about the breach.
TechCrunch was unable to immediately verify the authenticity of the screenshot posted by Lapsus$. Security researcher Bill Demirkapi says that the screenshots contain several theories that suggest hackers may have used a VPN to gain access to Okta’s network.
Lapsus$ has targeted several big-name companies in recent weeks, including Nvidia and Samsung. Just this week Microsoft said it is investigating a possible security breach. According to WiredThis group focuses on Portuguese-speaking targets, including Portuguese media giant Impresa, and South American telecommunications companies Claro and Embratel.
If you know more about the Okta breach or work at the company, contact security on Signal at +1 646-755-8849 or zack.whittaker@techcrunch.com by email.
