Okta, a prominent company providing cloud-based identity security, is investigating a breach of its customer data by the group Lapsus$. In an ironic turn of events, one of the biggest SSO and multi-factor authentication providers has itself been compromised. The cybersecurity company, which defines itself as the leader in identity and access management, allegedly had account and data breaches, with screenshots of internal tools exposed on the Dark Web.
Threat actor Lapsus$, a South American hacker group, took responsibility for the attack, claiming to have had super admin access for over two months. Okta has over 15,000 customers, including Fortune 500 businesses.
Okta is downplaying the event, releasing statements that the screenshots came from a potential cyber event back in January that was contained. The official statement on its website says, “The Okta service has not been breached and remains fully operational.”
The hack seems credible, however, with many security leaders advising that users should be vigilant and take steps to secure their environments. IT administrators should take all precautions and check in with Okta for recommendations, but also lean on relevant third-party information from non-Okta cybersecurity professionals.
Microsoft posted an article that expands on this threat report.
CloudSentinel’s Threat Reporting system is Cloudience’s own managed security operations center, which alerts our clients and partners to new threats as they surface. Our threat reports are a culmination of the most advanced threat detection systems in tandem with our top threat reporting partnerships, providing a strategic, non-biased threat intelligence report.
No Cloudience customers are affected or use this service.