Tag Archives: Okta

Latest Statement about Okta Incident and Lapsus$

Everything started with a post of Lapsus$ Telegram group including screenshots of Okta’s admin panel. We shared the news as asking whether Okta hacked?

An update about the incident came from David Bradbury, the CSO of Okta as “the Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.

In the continuation, Okta accepts an incident like “between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday” and claiming the impact is limited to the access that support engineers have and no customers were affected.

Against this announcement, Lapsus$ made some announcements too about the incident and the post of Okta. Lapsus$ also shared the link of the Security & Privacy Document of Okta located in okta.com and claimed that they found AWS keys in Slack.

Okta Hacked?

Since December, we are reading about the actions of Lapsus$. Samsung, Nvidia, and Ubisoft were some of their victims. Analysts suspecting that some of the members of the group are from South America, and some of them from Europe.

Lastly, the group shared a screenshot on their Telegram channel that showing they reached to the console of Okta.

Okta announced that they started an investigation after the hacker group shared the screenshot.

We will provide updates as more information becomes available” said officials of Okta.

Okta is a major Single Sign-On provider and a hack can effect thousands of other companies. If verified, an attack on Okta would represent a major attack on digital supply chains. It can cause more damage than Solarwinds incident since most major applications of the customers of Okta are already placed in their Okta interface and has a single sign-on authentication.