Okta Inc., whose authentication services are used by companies like Fedex Corp and Moody’s Corp. to provide access to their networks, are investigating a digital breach after hackers posted screenshots of what they said was internal information.
The extent of the hack is unknown, but it could have major consequences, as thousands of companies rely on San Francisco-based Octa to manage access to their networks and applications.
In a statement, Octa official Chris Hollis said the hack could be linked to a previously unknown incident in January, which he said had been contained since. Okta had identified an attempt to compromise the account of a third-party customer support engineer at the time, Hollis said.
“We believe the screenshots shared online are related to this January event,” he said. “Based on our investigation to date, there is no evidence of further malicious activity beyond the activity detected in January.”
Octa shares were down 2.7% to $ 164.92 in afternoon trading, from previous lows.
Okta did not disclose whether customers were affected or if so, how much. It said: “We are continuing our investigation and will provide additional information as it becomes available.”
On its website, Okta describes itself as the “identity provider for the Internet” and says it has more than 15,000 customers on its platform.
It competes with the likes of Microsoft Corp, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multi-factor authentication, which are used to help users secure access to online applications and websites.
The screenshots were posted by a group of ransom search hackers known as Lapsus $ on their telegram channel late Monday. In an accompanying message, the group said its focus would be “ONLY on Octa customers”.
‘Be very careful’
Security experts told Reuters the screenshots looked authentic.
“I definitely believe it’s credible,” said independent security researcher Bill Demirkapi, quoting images of what Okta’s internal tickets look like and his internal chat on the Slack messaging app.
Dan Tentler, founder of the Cybersecurity Consultancy Phobos Group, said he also believed the breach was real and called on Okta customers to “be very vigilant now.”
Lapsus $ is a relatively new entrant to the full ransomware market but has already made waves with high-profile hacks and attentive behavior.
The group compromised the website of Portuguese media conglomerate Impresa earlier this year, and tweeted the phrase “Lapsus $ is now the new president of Portugal” from a Twitter account. Impresa-owned media have described the hack as an attack on press freedom.
Last month, the group leaked proprietary information about US chipmaker Nvidia Corp. to the Web.
More recently, the group claimed that a source code had been leaked by several major tech companies.
The hackers did not respond to a message posted on their telegram group chat seeking comments.
Be smart with your money. Get the latest investment deals delivered straight to your inbox three times a week, via the Globe Investor Newsletter. Sign up today.
Add Comment