This post was originally published on this site
Okta Inc. said it is investigating a potential digital breach of its software that lets businesses authenticate the identity of their customers and employees, which initially sent shares tumbling as much as 8%.
“The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers,” Okta
OKTA,
said in an updated blog post Tuesday. “In January 2022, Okta detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider. As part of our regular procedures, we alerted the provider to the situation, while simultaneously terminating the user’s active Okta sessions and suspending the individual’s account. Following those actions, we shared pertinent information (including suspicious IP addresses) to supplement their investigation, which was supported by a third-party forensics firm.”
As Okta explained the situation throughout the day, its stock has steadily rebounded, and is currently down about 2%.
Separately, Cloudflare Inc.
NET,
on Tuesday offered a timeline of what happened during its investigation of the “Okta compromise,” as Cloudflare put it.
Hacking group Lapsus$ has claimed responsibility for the breach and published screenshots claiming access to an Okta internal administrative account and the firm’s Slack channel. However, the shadowy group also said on the messaging app Telegram it did not steal any databases from Okta, and “our focus was ONLY on Okta customers.” [According to its website, Okta says it has more than 15,000 customers.]
Early Tuesday, Okta Chief Executive Todd McKinnon tweeted that the company believes those screenshots are related to a security incident in January that was contained.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors,” McKinnon tweeted, referring to a subcontractor that works with Okta. “The matter was investigated and contained by the subprocessor.”
Although Okta’s preliminary review has not revealed malicious activity beyond January’s incident, the activities of Lapsus$ has financial analysts like Mizuho Securities’ Gregg Moskowitz concerned.
In a note Tuesday, Moskowitz pointed out Lapsus$ has reportedly breached several big-name organizations over the past few months that include Microsoft Corp.
MSFT,
Nvidia Corp.
NVDA,
Samsung Electronics Co. Ltd.
005930,
Vodafone Group
VOD,
LG Electronics Inc.
066570,
and Impresa
IPR,
Lapsus$ has widened its targets and increased its sophistication in recent months, making it harder for analysts to predict which company is most at risk next, according to Pratik Savla, security engineer at cybersecurity company Venafi Inc.
