Identity giant Okta has confirmed a January network breach after hackers posted screenshots overnight apparently gaining access to the company’s internal systems.
The Lapsus $ hacking group has released some screenshots to its telegram channel, which plans to show internal octa applications on January 21st.
Okta is used by thousands of organizations and governments worldwide as the sole sign-up provider, enabling employees to securely access the internal company. Systems such as email accounts, calendars, applications and more.
Okta Chief Executive Todd McKinnon confirmed the violation in a tweet thread overnight on March 22: “At the end of January 2022, Octa found an attempt to compromise the account of a third party client support engineer working for one of our subprocessors. The matter was investigated by the subprocessor and contain.
“We believe the screenshots shared online are related to this January event. Based on our investigation to date, there is no evidence of further malicious activity beyond the activity detected in January.
McKinnon did not name the subprocessor. Okta has not yet responded to TechCrunch questions about the breach.
TechCrunch could not immediately verify the authenticity of the screenshots posted by Lapsus $. Security researchers Bill Demirkapi said that the screenshots contain some artifacts that suggest that the hackers used a VPN to gain access to the Octa network.
Lapsus $ has targeted several big name companies in recent weeks, including Nvidia and Samsung. Just this week, Microsoft said it was investigating a possible security breach. According to Wired, the group has focused on Portuguese-speaking targets, including Portuguese media giant Impresa, and South American telecom companies Claro and Embratel.
If you want to know more about the Octa violation or the company’s work, contact the security desk at Signal at +1 646-755-8849 or zack.whhittaker@techcrunch.com by email.
Add Comment