Okta, a major provider of authentication services, has confirmed that it suffered a security incident that may have impacted 2.5% of its customers (approx. 375 customers). The announcement comes after the Lapsus$ hacker group posted screenshots in its Telegram channel that it claims show access to Okta's backend administrative consoles and customer data.
“The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers,” the company said in a statement on the incident.
As the company explained, in January 2022, it detected an unsuccessful attempt to hack into the account of a customer support engineer working for a third-party provider. Okta said it immediately terminated the user’s active Okta sessions and suspended the account. An investigation revealed that “there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday.”
“The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data - for example, Jira tickets and lists of users - that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords,” the company said, adding that Auth0, HIPAA and FedRAMP customers were not affected.
In a message posted to its Telegram channel, Lapsus$ disputed Okta’s statement, saying that the group did not breach an Okta employee’s laptop but their thin client. The hackers also disagree with the company’s claim that the compromise was unsuccessful.
“I'm STILL unsure how it's an unsuccessful attempt? Logged in to superuser portal with the ability to reset the Password and MFA of ~95% of clients isn't successful?” the group wrote.
Earlier this week, Lapsus$ leaked what they claim to be the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.