Okta, an online identity authentication service used by thousands of U.S. companies to protect their computer networks, said an alleged breach of its systems is linked to a previous incident this year. There are no indications of a current threat to Okta as a result of this event, the company told CBS MoneyWatch.
Okta’s comment comes after a group called Lapsus$ posted screenshots of what it said was the company’s internal environment through the Telegram messaging service. The group added: “For a service that drives authentication systems to many of the big corporations (and approved by FEDRAMP), I think these security measures are pretty poor.” FedRAMP stands for the Federal Risk and Authorization Management Program, which oversees the use of cloud-based programs for federal agencies.
Hacking into Okta could pose a risk to corporations and workers, as the service is used by more than 15,000 organizations. According to security firm Check Point Software, Lapsus$ is a cybercrime group based in Brazil that has bragged about breaking into companies such as Nvidia, Samsung and Ubisoft. It is unclear how Lapsus$ hacked these businesses, the company added.
“If true, Okta’s failure may explain how Lapsus$ has been able to achieve some of its recent chain hits,” Check Point said in a blog post. “Thousands of companies use Okta to secure and manage their identities.”
The firm added: “Through private keys recovered within Okta, the cyber gang can gain access to corporate networks and applications. Therefore, a breach of Okta could have potentially disastrous consequences.”
“Contained” threat
Okta said the screenshots are linked to a January attempt to hack an account of a third-party customer service engineer working for a subcontractor.
“The matter was investigated and contained,” Okta said. “According to our research so far, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Lapsus$ also claimed to have hacked Microsoft and released some source code for Bing, Bing Maps and Cortana, which is a virtual assistant developed by the software giant.
Shares of Okta fell 4.3% on Tuesday.