
A cybercrime group known as Lapsus$ claimed on Monday evening that it compromised Okta, an authentication company used by thousands of organizations across the globe.

In a post on Telegram, screenshots were shared that appeared to indicate that the group has had access to the company’s internal systems since at least January. Lapsus$ stated that its focus was not on Okta itself but the company’s many prominent customers.

“BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA – our focus was ONLY on okta customers,” the hackers wrote.

Among Okta’s more than 15,000 customers are major companies such as FedEx and T-Mobile as well as government agencies such as the FCC. Okta allows users to securely access multiple services without needing multiple passwords to do so.

Lapsus$ first emerged in December and has since hacked numerous high-profile targets including Nvidia, Samsung, and Ubisoft. Just hours before announcing the Okta breach, Lapsus$ released what it claimed to be data from Microsoft and LG.

In a statement to Reuters, Okta official Chris Hollis admitted that the company had dealt with a security incident back in January but that it had ultimately been “contained.”

“We believe the screenshots shared online are connected to this January event,” Hollis said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

But experts, who say the screenshots appear to be legitimate, are concerned that the incident could have been more damaging than claimed. Okta also failed to answer questions about why users weren’t informed of the January security incident.

If the claims are true that Lapsus$ was able to take control of an administrator account at Okta, the hackers could potentially infiltrate its customers’ systems. As noted by WIRED, the alleged breach of Okta could also help explain how a relatively obscure hacking group was able to compromise so many big-name companies.

While the breach could be devastating for Okta’s customers, experts caution that much is still unknown about the situation. At least one of Okta’s clients, the internet infrastructure company Cloudflare, stated that it was not compromised thanks to multiple layers of security but added that it could be looking into an alternative to Okta given that the business “may have an issue.”

The severity of the incident will likely become clearer in the coming days and weeks.

Source: https://www.dailydot.com/debug/okta-hack-lapsus-gang-explainer/