Authentication service provider Okta may have fallen victim to the Lapsus$ hacking group as the company investigates a potential breach that could put thousands of its customers at risk.
On Monday, Lapsus$ posted screenshots it said showed Okta’s corporate network environment. The screenshots included elements showing Slack channels as well as an interface with Cloudflare, among other services.
The hacking group also posted a message saying it was “focusing on Okta customers only”. With Okta providing single sign-on services for many enterprise customers, this could potentially mean the group was working to secure access to other targets who used Okta on their corporate network, leading to further breaches.
Chris Hollis, an Okta official, said the company “believes the screenshots shared online are related” to an incident that happened in January. This incident involved an attempt to compromise the account of a third-party customer support engineer, Hollis told Reuters.
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Hollis continued.
Security experts cited in the report said they believe the screenshots were genuine. However, it is unclear whether the screenshots were created after the known incident in January.
Okta offers single sign-on and authentication services, allowing employees of enterprise customers to log into multiple services with minimal hassle. This includes the Okta Mobile app for iPhone and iPad, enabling single sign-on through the Okta Identity Management service using Face ID.
As Okta has approximately 15,000 customers, including large organizations, educational institutions and government agencies, the founder of cybersecurity company Phobos Group, Dan Tentler, advises customers to be “very vigilant at this time” about any potential security threats.
Details of the Okta breach surfaced the same day as another alleged Lapsus$ breach, involving the leaking of gigabytes of Microsoft source code. The group was previously linked to breaches of Samsung and Nvidia, among others.