Okta has confirmed it suffered a data breach on one of its related endpoints, and said a small percentage of its customers have been affected.
In a comapny blog post, Okta Chief Security Officer David Bradbury said a more thorough investigation had found roughly 2.5% of its customers had been impacted by the breach, and their data potentially viewed or acted upon.
Okta is thought to have around 15,000 customers worldwide, meaning hundreds of organizations could have been affected.
Lapsus$ strikes again
Bradbury noted that the company had alerted any impacted users, saying “if you are an Okta customer and were impacted, we have already reached out directly by email.”
The company’s service remains “fully operational”, the CSO reiterated, adding that its customers need to take no corrective actions.
News of the breach, suspected to have occured in January 2022 by threat actors in the Lapsus$ group, broke earlier this week. The hacker group posted screenshots on its Telegram channel, claiming they depict Okta’s internal company environment, including internal tickets and in-house Slack chats.
A live webinar is also planned for today, where Bradbury will share more technical details. The webinar is scheduled for 8 am PDT, and 4 pm PDT. Those interested can register for the event on this link.
Okta CEO Todd McKinnon has since said that the incident was not related to a new hack, but an earlier issue.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor,” he tweeted.
“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” Some have now questioned if this timing means Lapsus$ may in fact have had access to Okta’s systems since January 2022.
Besides sharing the screenshots, the threat actor claimed to be focused “ONLY on Okta customers”.
