By Nathalie Voit
Identity management platform Okta confirmed an attacker gained access to one of its support engineers’ laptops between Jan. 16-21 and compromised about 2.5% of its customer base, according to a statement from Okta Chief Security Officer David Bradbury on March 22.
However, the firm maintained that its service was up and running and that customers did not need to take any “corrective actions.”
“We have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon,” Bradbury said. “We have identified those customers and already reached out directly by email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency.”
The news comes amid screenshots shared by hacking group Lapsus$ on its Telegram channel. On Tuesday, the digital extortion group released eight photos rife with sensitive user information as proof that it had breached Okta’s internal systems. Okta later verified the screenshots in a company update on March 23.
“Okta Security determined that the screenshots were related to the January incident,” Bradbury wrote.
However, in contrast to Okta spokesperson Chris Hollis’s statement that the group had access for only five days, Lapsus$ claimed that it had obtained “Superuser/Admin” access for over two months.
The news put several high-profile companies on alert, including Microsoft, which relies on Okta’s support systems for identity and access management solutions.
In a blog post shared on March 22, just hours after the Lapsus$ dump, the software giant confirmed that it had been hacked.
“This week, [Lapsus$] made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” the company said.
Microsoft’s security team issued several recommendations to its customers to help fend off future attacks from the cybercriminal group, including requiring multifactor authentication (MFA) for all users from all locations, using strong passwords, and adding a VPN for an extra layer of protection. The company advised against using SMS for MFA, which is reportedly the least secure verification method, according to CNET.
Okta counts thousands of well-known organizations among its customers, including Zoom, Peloton, Moody’s, Lululemon, JetBlue, and Fidelity.