Okta hack: the company admits it is investigating, LAPSUS$ claims responsibility


Authentication service provider Okta told Reuters overnight that it was investigating a report of a hack.

“In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our contractors. The issue has been investigated and contained by the contractor,” Todd McKinnon, the CEO of Okta, said on Twitter this morning. “We believe the screenshots shared online are related to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Hacking group LAPSUS$ has released screenshots showing what it claims are elements of the company’s internal computing environment. If this hack is confirmed, it would be a bombshell for the world of corporate cybersecurity.

An SSO system used by thousands of companies

Okta’s solution manages passwords and profiles, or securely delegates their self-service management to users, and offers several authentication methods (multi-factor, SSO for “Single Sign-On”, etc.) and several identity protocols (SAML, OAuth, or OpenID).

These so-called “Zero Trust” approaches rest precisely on the conviction that companies should never trust anything, whether inside or outside their network perimeter. Except Okta.

This solution is used by thousands of companies to manage access to their own networks and applications. The screenshots published by the hackers show services and software such as Jira, AWS, Salesforce and Zoom, all of which use Okta to connect to their customers. Okta has over 10,000 customers.

Authenticated screenshots

The screenshots were posted by LAPSUS$. Cybersecurity experts confirmed to Reuters that they appear credible. The cybercriminal group uses ransomware to force companies that want to recover their data to pay a ransom.

LAPSUS$ posted the screenshots (Slack messaging and internal ticketing) on its Telegram channel. A message accompanying the screenshots says that the hackers' interest is “ONLY (to) Okta customers”.

Okta head Chris Hollis acknowledged that the company has been made aware of the hacking allegations and is investigating them.

A string of attacks for LAPSUS$

Cybercriminal group LAPSUS$ is making headlines right now with a barrage of hacking claims. In early March 2022, the group claimed to have stolen the source code for Samsung’s Galaxy devices during a cyberattack. The South Korean giant confirmed the information.

A week later, Ubisoft disclosed a “security incident” that forced it to reset passwords internally. LAPSUS$ also claimed responsibility for that attack.

In early March 2021, Okta acquired its direct competitor Auth0 for $6.5 billion, creating a heavyweight in online authentication and access control (CIAM, Customer Identity and Access Management, and IAM, Identity and Access Management).

Beyond authentication on services and software, Okta is already working on opening up banking services. Last year, the company entered into a partnership with Cloudentity to that end.




