“The potential impact on Okta customers is limited to access by support engineers,” Bradbury said, adding that these engineers could not download, create or delete customer databases. “Assistant Engineers can easily reset passwords and MFA factors for users, but are unable to retrieve those passwords.”
The new details come just hours after Okta said it was investigating reports of a potential digital breach. Reuters first reported that Okta had been monitoring reports of Okta’s digital infringement after a hacking group called Lapsus $ claimed responsibility for the incident and released screenshots of Okta’s internal management account and access to the company’s Slack channel.
A mysterious hacking group that appeared in December, Lapsus $, did not steal any database from Octa in the news processor Telegram, but said “our focus was only on Okta customers”.
Bradbury said, “The company is actively pursuing our investigation, including identifying and contacting affected customers.”
Lapsus $ has claimed to have stolen data from several high-profile corporate victims since December. The group started with a focus on Latin American victims, and some security researchers suspect the group may be based in Latin America.
But there are many mysteries about the group. According to a March 17 study by cybersecurity firm Digital Shadows, there is no evidence that hackers used ransomware to extort money from victims. The group seems to have tried to hire rogue employees in companies that are willing to use passwords to help hackers, Digital Shadows Analysts.
Lapsus $ has gone out of its way to insist on its Telegram channel that it is “not government sponsored” and that its “money is the only goal”.
Okta shares fell nearly 8% in freemarket trading on Tuesday, but have since recovered most of those losses.
“Lifelong social media lover. Falls down a lot. Creator. Devoted food aficionado. Explorer. Typical troublemaker.”