Everything started with a post of Lapsus$ Telegram group including screenshots of Okta’s admin panel. We shared the news as asking whether Okta hacked?
An update about the incident came from David Bradbury, the CSO of Okta as “the Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.”
In the continuation, Okta accepts an incident like “between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday” and claiming the impact is limited to the access that support engineers have and no customers were affected.
Against this announcement, Lapsus$ made some announcements too about the incident and the post of Okta. Lapsus$ also shared the link of the Security & Privacy Document of Okta located in okta.com and claimed that they found AWS keys in Slack.