Okta says security breach investigation finds no evidence of new attack

Identity management provider Okta Inc. said on Tuesday that a preliminary investigation found no evidence of ongoing malicious activity after hackers posted images they believed belonged to the company’s internal systems.

The screenshots were most likely related to an earlier security incident in January, which has already been resolved, the San Francisco-based company said in a statement posted overnight on its website.

More than 15,000 customers worldwide, including multinational corporations, universities and governments, trust Okta’s software to securely manage access to their systems and verify user identities, according to a recent filing.

Okta’s investigation came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, claiming to show it had gained access to Okta.com’s administrator and other systems. The images were also shared on other forums, including Twitter.

The group said it did not access or steal any data from Okta itself and was focused on customers of the San Francisco-based company.

Okta said in its statement that it believes the shared screenshots were related to an attempt in January to compromise the account of a third-party customer support engineer working for a sub-contractor. It said the matter was investigated and contained by the contractor.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Okta said.

One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare Inc., an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the breach claim, but said there was no evidence that its systems were compromised. It said it was resetting the credentials of all employees who had changed their passwords in the previous four months.

“Okta is a layer of security. Since they may have an issue, we are evaluating alternatives for this layer,” Prince wrote ahead of Okta’s statement.

Mr. Prince later wrote that he had yet to get a satisfactory response to concerns about a previous Okta incident involving a vulnerability discovered in December. In January, Okta said it was still investigating the vulnerability, known as “Log4Shell,” which affected a Java-based logging utility found in a number of software products.

The latest breach claim once again shines a light on LAPSUS$, which claims to have recently hacked a series of high-profile targets. In late February, the group said it stole a terabyte of data from chip company Nvidia Corp.

It also claimed responsibility for a breach at Samsung Electronics Co. Samsung did not respond to a request for comment.

In its post exposing the Nvidia hack, the group said it was not state-sponsored and that “we are not into politics at all.”

An Nvidia spokesperson said employee credentials and some Nvidia proprietary information were leaked in the incident, but said the company has no evidence of any ransomware deployment, is not concerned, and did not expect the incident to affect its ability to serve customers.

Write to Dan Strumpf at [email protected] and Ben Otto at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved.