Okta

2022 - 3 - 22

Factbox-What is Okta, hacked authentication services provider (unknown)

(Reuters) - San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online aut...

Okta said the breach could be connected to an earlier incident in January. Okta sells identity services, such as Single Sign-On and Multi-factor Authentication used to log in to online applications and websites. (Reuters) – San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online authentication services, said it was investigating a digital breach on Tuesday.

Lapsu$ group claims Okta supply chain attacks (unknown)

The Lapsu$ extortion group posted screenshots to its Telegram channel Monday night they say prove they breached identity management vendor Okta.

"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. "None of Lapsus$' claims should be taken at face value," he said via electronic chat. Lapsu$ is a group that extorts the companies under the threat of leaking data - ransom without the ransomware - best known for leaks of Samsung files.

Okta investigates possible data breach (iTnews)

May relate to third-party customer support engineer targeted in January. Okta, whose authentication services are used by companies to provide access to their ...

Post cover
Image courtesy of "The Singleton Argus"

Hackers hit authentication firm Okta (The Singleton Argus)

Okta Inc, whose authentication services are used by companies including Fedex Corp and Moody's Corp to provide access...

Post cover
Image courtesy of "CRN Australia"

Okta breached by Lapsus$, customer data exposed (CRN Australia)

Ransomware gang Lapsus$ strikes again, posting screenshots to its Telegram channel Tuesday of what it alleges is data from customers of identity securit...

Nvidia said the threat actors obtained the company’s network credentials and through deception, obtained two-factor authentication capability and access to Nvidia’s network. Shortly after publication, Lapsus$ removed the post and published the message “Deleted for now will repost later.” Okta is the world’s largest pure-play identity security provider, with sales in the fiscal year ended Jan. 31, 2022, surging to US$1.3 billion, up 56 percent from US$835.4 million a year earlier. Earlier this month, Lapsus$ said it stole Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls. Okta co-founder and CEO Todd McKinnon said the screenshots shared by Lapsus$ are believed to be connected to an incident from late January, with no evidence on ongoing malicious activity beyond what happened then. Independent security researcher Bill Demirkapi told the news agency that he believes the screenshots are credible.

Okta Hack? Customers Scramble as Okta Tries to Clarify Breach (unknown)

Authentication firm Okta's statements on the Lapsus$ breach leave key questions unanswered.

The latter is the main mechanism Lapsus$ hackers would likely have abused to take over Okta logins at target organizations and infiltrate. The timing coincides with Lapsus$'s decision to release screenshots, via Telegram, that claim to detail its Okta administrative account access from late January. On Tuesday evening, about eight hours after posting Bradbury's statement, Okta updated the notice with some expanded information.

What is Okta and how its hack could affect Cloudflare, Coinbase and others (unknown)

Hundreds of large companies, such as FedEx Corp, T-Mobile US Inc, Moody's Corp and Coinbase Global Inc, use Okta's services.

In a 2019 interview with CNBC, Okta’s CEO, Todd McKinnon, said the company had more than 100 million registered users. Okta sells identity services, such as Single Sign-On and Multi-factor Authentication used to log in to online applications and websites. Okta said the breach could be connected to an earlier incident in January. Here are some facts about the company:

Okta: Lapsus$ attackers had access to support engineer's laptop (unknown)

Okta says that a rapid investigation into the sharing of screenshots appearing to show a data breach has revealed they relate to a "contained" security ...

"The potential impact to Okta customers is limited to the access that support engineers have. Support engineers do have access to limited data -- for example, Jira tickets and lists of users -- that were seen in the screenshots. "The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop." "In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor[...]," LAPSUS$ said. How the group managed to breach these targets has never fully been clear to the public.

Okta concedes hundreds of clients could be affected by breach (unknown)

A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late ...

"[W]e have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon," Okta chief security officer David Bradbury said in a statement.Okta has over 15,000 customers, according to its website.It's been nearly 24 hours since Okta publicly acknowledged the apparent hack after a mysterious hacking group known as Lapsus$ published screenshots claiming access to an Okta internal administrative account and the firm's Slack channel.The breach created alarm among cybersecurity experts because of how popular the service is with big organizations and the potential access that a hacker could acquire by targeting Okta.But, Bradbury said Tuesday that the Okta service itself hadn't been breached, and the hackers had instead accessed an engineer's laptop who was providing technical support to Okta. "The potential impact to Okta customers is limited to the access that support engineers have," Bradbury said. Okta concedes hundreds of clients could be affected by breachThe Okta Inc. website on a smartphone arranged in Dobbs Ferry, New York, U. S., on Sunday, Feb. 28, 2021.A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late Tuesday amid an ongoing investigation of the breach.

Explore the last week