Tags: okta | hack | authentication | lapsuss | cybersecurity

Authentication Firm Okta Says up to 366 Customers Hacked

Okta
(Dreamstime)

Wednesday, 23 March 2022 10:19 AM EDT

Hundreds of customers of digital authentication firm Okta Inc. have possibly been affected by a security breach caused by a hacking group known as Lapsus$, the company said on Tuesday.

The breach has sparked concern since the cyber extortion gang posted what appeared to be internal screenshots from within the organization's network roughly a day ago.

Okta shares sank 9% after the market open.

In a series of blog posts https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise, Chief Security Officer David Bradbury said the "maximum potential impact" was to 366 customers whose data was accessed by an outside contractor, Sitel.

The contractor employed an engineer whose laptop the hackers had hijacked, he added.

The 366 number represented a "worst case scenario," Bradbury cautioned, adding that, in any case, the hackers had been constrained in their range of possible actions.

Okta, based in San Francisco, helps employees of more than 15,000 organizations securely access their networks and applications, so a breach at the company could lead to serious consequences across the Internet.

Bradbury said the intrusion would not have given "god-like access" to the intruders as they would have been unable to perform actions such as downloading customer databases or accessing Okta's source code.

Okta first got wind of the breach in January, he added, while the Miami-based Sitel Group only received a forensic report about the incident on March 10, giving Okta a summary of the findings a week later.

Bradbury said he was "greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report."

Sitel did not immediately return a message seeking comment early on Wednesday.

© 2024 Thomson/Reuters. All rights reserved.


StreetTalk
Hundreds of customers of digital authentication firm Okta Inc. have possibly been affected by a security breach caused by a hacking group known as Lapsus$, the company said on Tuesday.
okta, hack, authentication, lapsuss, cybersecurity
273
2022-19-23
Wednesday, 23 March 2022 10:19 AM
Newsmax Media, Inc.

Sign up for Newsmax’s Daily Newsletter

Receive breaking news and original analysis - sent right to your inbox.

(Optional for Local News)
Privacy: We never share your email address.
Join the Newsmax Community
Read and Post Comments
Please review Community Guidelines before posting a comment.
 
Get Newsmax Text Alerts
TOP

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved
NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved