Authentication services provider Okta has reportedly become the latest victim of the increasingly notorious Lapsus$ hacking group, which has recently claimed responsibility for cybersecurity incidents affecting Samsung, Vodafone, and Ubisoft.
According to Reuters, Lapsus$ recently posted screenshots of what it claims are Okta’s Slack channel and internal support tickets.
Okta says it is investigating but has admitted that hundreds of its clients could be affected by the data breach. In the most recent update on its website, Okta says that 2.5% of its client base has potentially had data viewed, stolen, or otherwise acted upon, and that it is contacting those affected directly. It is thought the company has over 100 million registered users, so a conservative estimate is that 2.5 million people could have had their credentials stolen, although we don’t know how that translates into client numbers.
In a series of tweets on 22nd March, Okta CEO Todd McKinnon said: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.
“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
A statement on Okta’s website from the company’s Chief Security Officer, David Bradbury, likened the incident to leaving a laptop unattended at a coffee shop and then someone sitting down and looking through your files while you’re away.
At the time of writing, it wasn’t clear whether Lapsus$ had used any malware or viruses to gain access to the data or whether the screenshots posted to Telegram were authentic. However, multiple security experts seem to agree that the images are genuine, which lends some credibility to the group’s claims.
While any data breach is a severe problem, such incidents are incredibly embarrassing for companies like Okta, which is itself in the business of providing authentication services.
Although Okta users who have been affected by this data breach will be contacted directly by the company, it would be sensible for any Okta users to update their credentials and take steps to secure any personal data held in Okta that threat actors could exploit.