Illustration by Alex Castro / The Verge
Okta, an authentication company used by thousands of organizations around the world, says itâs investigating news of a potential breach, Reuters reports. The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Oktaâs internal systems, including one that appears to show Oktaâs Slack channels, and another with a Cloudflare interface.
Writing in its Telegram channel, Lapsus$ claims to have had access to Oktaâs systems for two months, but said its focus was âonly on Okta customers.â The Wall Street Journal notes that in a recent filing Okta said it had over 15,000 customers around the world, including businesses, government agencies, and universities. It lists the likes of Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack. âIn late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.â Hollis said. âWe believe the screenshots shared online are connected to this January event.â
âBased on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,â Hollis continued. However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months.
This is our 3rd attempt at sharing the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.
Photos 5 – 8 attached below. pic.twitter.com/KGlI3TlCqT
â vx-underground (@vxunderground) March 22, 2022
Lapsus$ is a hacking group thatâs claimed responsibility for a number of high-profile incidents affecting Nvidia, Samsung, Microsoft, and Ubisoft, in some cases stealing hundreds of gigabytes of confidential data.