“The potential impact on Okta’s customers is limited to the access that support engineers have,” Bradbury said, adding that these engineers are unable to download customer databases or create or delete users. “Support engineers are also able to facilitate resetting passwords and MFAs for users, but they are not able to obtain these passwords.”
The new details came hours after Okta said it was investigating reports of a possible digital hack. Reuters first reported that Okta was looking into the reports after a hacking group known as Lapsus$ claimed responsibility for the incident and posted screenshots that it claimed showed access to an internal Okta administrative account and the company’s Slack channel.
Lapsus$, a mysterious hacking group that appeared in December, claimed on the Telegram messaging app that it did not steal any databases from Okta itself, but that “our focus was only on Okta customers”.
Bradbury said the company is “actively pursuing our investigations, including identifying and contacting customers who may have been affected.”
Lapsus$ has claimed to have stolen data from several high-profile corporate victims since December. The group began by focusing on Latin American victims, and some security researchers suspect the group is based in Latin America.
But much about the group is a mystery. There is no evidence that the hackers have used ransomware to try to extort victims, according to an analysis by cybersecurity firm Digital Shadows on March 17. Digital Shadows analysts said the group appears to have tried to recruit rogue employees inside companies who would be willing to look up passwords to aid in the hacks.
Lapsus$ has gone out of its way on its Telegram channel to stress that it is “not sponsored by the state” and that its “only goal is money”.
Okta shares fell nearly 8% in pre-market trading on Tuesday, but later recovered much of those losses.