Okta, a San Francisco-based identity and access management company, is investigating a report of a breach. Okta acknowledged that it detected a potential intrusion in January, and told Cybernews that 'there is no evidence of ongoing malicious activity beyond the activity detected in January.'
The Lapsus$ threat actor shared screenshots of what appears to be Okta's internal environment. The ransomware group claims to have accessed Okta.com superuser/admin and various other systems.
One of the screenshots demonstrates that they can now allegedly reset a user's password. Another screenshot shows that Lapsus$ might have access to Okta's Slack workspace.
Lapsus$ emphasized that they did not access any databases, focusing only on Okta customers. Okta has over 15,000 customers on its platform.
Okta is aware of the reports of a potential breach and is investigating them. "We will provide updates as more information becomes available," Okta official Chris Hollis said in a brief statement.
Some screenshots date back to 21 January, suggesting that Lapsus$ might have had access to Okta's internal environment for almost two months.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Okta told Cybernews via email.