
Okta says screenshots from January hack could impact 366 customers


Okta, an online identity authentication service used by thousands of U.S. companies to protect their computer networks, said a purported breach of its systems is related to an earlier incident this year. There are no signs of a current threat to Okta as a result of that event, the company told CBS MoneyWatch.

Okta's comment comes after a group calling itself Lapsus$ posted screenshots of what they claimed was the company's internal environment through the messenger service Telegram. They added, "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor." FedRAMP stands for the Federal Risk and Authorization Management Program, which oversees the use of cloud-based programs for federal agencies. 

In a Tuesday blog post from Okta's chief security officer, the company said it determined the screenshots stemmed from a hacker obtaining remote access to a support engineer's computer. The attacker "never gained access to the Okta service via account takeover," but they were able to take screenshots through the hack, noted David Bradbury, the chief security officer. 

The maximum potential impact is on about 366 customers, Bradbury said. 

He added, "The sharing of these screenshots is embarrassing for myself and the whole Okta team."

A hack at Okta could pose risks for corporations and workers, given that the service is used by more than 15,000 organizations. According to security firm Check Point Software, Lapsus$ is a cybercriminal group based in Brazil that has boasted about breaking into companies such as Nvidia, Samsung and Ubisoft. It is unclear how Lapsus$ hacked into those businesses, the firm added.

"If true, the breach at Okta may explain how Lapsus$ has been able to achieve part of its recent string successes," Check Point noted in a blog post. "Thousands of companies use Okta to secure and manage their identities."

It added, "Through private keys retrieved within Okta, the cyber gang may have access to corporate networks and applications. Hence, a breach at Okta could lead to potentially disastrous consequences."

Threat "contained"

Okta said the screenshots are linked to a January attempt to hack an account for a third-party customer support engineer working for a subcontractor. 

"The matter was investigated and contained," Okta said. "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."

Lapsus$ also claimed to have hacked into Microsoft, and posted some source code for Bing, Bing Maps and Cortana, which is a virtual assistant developed by the software giant.

Shares of Okta slipped 8.5% on Wednesday.
