Single-sign-on cybersecurity firm Okta confirms hundreds of its customers hit by data breach from Lapsus$ hacking group
Nickie Louise
Posted On March 23, 2022
Cybersecurity and single-sign-on service provider Okta has become the latest victim of the Lapsus$ hacking group. Okta confirmed that hundreds of its customers have been affected by a data breach.
In a series of blog posts, Okta Chief Security Officer David Bradbury said the “maximum potential impact” was to 366 customers whose data was accessed by an outside contractor, Sitel. The contractor employed an engineer whose laptop the hackers had hijacked, Bradbury added.
The 366 number represented a “worst-case scenario,” Bradbury cautioned, adding that, in any case, the hackers had been constrained in their range of possible actions.
On Monday, the Lapsus$ hacking group posted screenshots that it claimed showed the environment of Okta’s corporate network. The screenshots included images showing Slack channels as well as an interface with Cloudflare, among other services.
Okta offers single-sign-on and authentication services, enabling employees of corporate clients to sign in to multiple services with minimal fuss. This includes the Okta Mobile app for iPhone and iPad, enabling SSO through the Okta Identity Management Service using Face ID.
As Okta has around 15,000 clients, including major organizations, educational institutions, and government agencies, cybersecurity firm Phobos Group founder Dan Tentler advises customers to be “very vigilant right now” about any potential threats to security.
The Okta breach details surface on the same day as another alleged Lapsus$ intrusion, involving the leaking of gigabytes of Microsoft source code. The group was previously linked to breaches of Samsung and Nvidia, among others.
Below is the updated message from Okta Chief Security Officer.
This update was posted at 6:31 PM, Pacific Time.
++
As we shared earlier today, we are conducting a thorough investigation into the recent LAPSUS$ claims and any impact on our valued customers. The Okta service is fully operational, and there are no corrective actions our customers need to take.
After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly. If you are an Okta customer and were impacted, we have already reached out directly by email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency.
Our customers are our pride, purpose, and #1 priority. We take our responsibility to protect and secure customers’ information very seriously. We deeply apologize for the inconvenience and uncertainty this has caused.
I will also be hosting a live webinar tomorrow, Wednesday, March 23, to share more technical details. The webinar will occur at 8 am PDT and again at 4 pm PDT to accommodate our global customers. Please register here.
We immensely value our customers’ business and the trust they put in Okta.
########
