Hackers Strike Authentication Company Okta, Raising Concern in Security Industry


WASHINGTON, March 22 (Reuters) – Okta Inc (OKTA.O), whose authentication services are used by companies such as Fedex Corp (FDX.N) and Moody’s Corp (MCO.N) to provide access to their networks, is investigating a breach after hackers released screenshots of what they said was inside information.

The scope of the hack is unknown, but it could have major consequences as thousands of businesses rely on San Francisco-based Okta to manage access to their networks and applications.

In a statement, Okta manager Chris Hollis said the hack could be linked to an undisclosed incident in January that he said has since been brought under control. Okta had detected an attempted compromise of a third-party customer support engineer’s account at the time, Hollis said.



“We believe the screenshots shared online are related to this January event,” he said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Okta shares were down 2.7% at $164.92 in afternoon trading, from previous lows.

Okta did not disclose whether customers were affected or, if so, how many. Hollis said: “We are continuing to investigate and will provide additional information as it becomes available.”

On its website, Okta describes itself as the “identity provider for the internet” and claims to have more than 15,000 customers on its platform.

It competes with Microsoft Corp (MSFT.O), PingID, Duo, SecureAuth and IBM (IBM.N) to provide identity services such as single sign-on and multi-factor authentication, which help users securely access online applications and websites.

The screenshots were posted by a ransom-seeking hacker group known as Lapsus$ on their Telegram channel on Monday evening. In an accompanying message, the group said it was focusing “ONLY on Okta customers”.


Security experts told Reuters the screenshots appeared authentic.

“I really believe it’s believable,” independent security researcher Bill Demirkapi said, citing images of what appeared to be Okta’s internal tickets and internal chat on messaging app Slack.

Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to “be very vigilant at this time”.

Lapsus$ is a relatively new entrant to the crowded ransomware market, but it’s already made waves with high-profile hacks and attention-seeking behavior.

The group compromised the websites of Portuguese media conglomerate Impresa earlier this year, tweeting the phrase “Lapsus$ is now Portugal’s new president” from a newspaper’s Twitter accounts. Impresa-owned media described the hack as an attack on press freedom.

Last month, the group leaked exclusive information about US chipmaker Nvidia Corp (NVDA.O) to the web.

More recently, the group claimed to have leaked source code from several major tech companies.

The hackers did not respond to a message left on their Telegram group chat requesting comment.



Reporting by Raphael Satter in Washington; Additional reporting by James Pearson in London; Editing by Matthew Lewis
