Okta Confirms January Breach After Hackers Publish Screenshots of Its Internal Network

Okta has confirmed a security incident that occurred in January, after hackers shared images overnight that appeared to show access to the company’s internal systems. On January 21, the Lapsus$ hacking group posted multiple pictures to its Telegram channel that it claimed showed internal Okta apps, the Jira bug tracking system, and the company’s Slack. Lapsus$ stated that it did not take data from Okta and that its primary focus was on Okta customers.

Thousands of businesses and governments across the world utilize Okta as a single sign-on provider, allowing employees to securely access internal services like email, calendars, and apps. Todd McKinnon, the CEO of Okta, acknowledged the compromise in a Twitter thread on March 22: “Okta identified an attempt to hack the account of a third-party customer support engineer working for one of our subprocessors in late January 2022. The subprocessor looked into the situation and was able to limit it.”

“We believe the screenshots circulated on the internet are related to the January incident. There is no indication of continued malicious behavior beyond the activity observed in January, based on our assessment so far.” Okta has yet to name the subprocessor or respond to TechCrunch’s questions about the hack.

According to an updated statement from Okta’s chief security officer David Bradbury, the hack occurred between January 16 and 21, 2022, at one of Okta’s third-party suppliers. According to Forbes, the business in question is Sykes, which was purchased by Sitel Group in July 2021. Sitel claimed it was “sure there is no longer a security concern” in a brief statement, but declined to comment on its customer relationship and did not immediately respond to our queries.

According to security expert Bill Demirkapi, the screenshots contain several indicators suggesting that the hackers may have exploited Sykes’ remote access tools and VPN to gain access to Okta’s network. In recent weeks, Lapsus$ has targeted a number of high-profile corporations, including Nvidia and Samsung. Microsoft recently said that it was looking into a suspected security issue. According to Wired, the group went after Portuguese-language targets such as Impresa, a Portuguese media powerhouse, and Claro and Embratel, two South American telecom corporations.