Okta chief security officer David Bradbury said in a post Tuesday that “the Okta service has not been breached and remains fully operational.”
“There are no corrective actions that need to be taken by our customers,” Bradbury said.
However, an attacker did access the account of a customer support engineer, who worked for a third-party provider, for five days in January, according to Bradbury. The third-party provider was not identified.
“There was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday,” Bradbury said.
Bradbury was referring to screenshots posted on Telegram by the hacker group Lapsus$, showing what the group said was “access to Okta.com Superuser/Admin and various other systems.”
The claimed intrusion at the leading identity and access management vendor raised questions about the extent and severity of the potential breach.
Security researcher Runa Sandvik said on Twitter that some may be “confused about Okta saying the ‘service has not been breached.’”
“The statement is simply a legal word soup,” Sandvik said. “Fact is that a third-party was breached; that breach affected Okta; failure to disclose it affected Okta’s customers.”
VentureBeat has reached out to Okta for comment.
‘Limited’ impact
In the post Tuesday, Bradbury said that the “potential impact to Okta customers is limited to the access that support engineers have.”
These engineers “are unable to create or delete users, or download customer databases. Support engineers do have access to limited data – for example, Jira tickets and lists of users – that were seen in the screenshots,” he said. “Support engineers are also able to facilitate the resetting of passwords and MFA factors for users, but are unable to obtain those passwords.”
Okta is “actively continuing our investigation, including identifying and contacting those customers that may have been impacted,” Bradbury said.
From the post:
In January 2022, Okta detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider. As part of our regular procedures, we alerted the provider to the situation, while simultaneously terminating the user’s active Okta sessions and suspending the individual’s account. Following those actions, we shared pertinent information (including suspicious IP addresses) to supplement their investigation, which was supported by a third-party forensics firm.
Following the completion of the service provider’s investigation, we received a report from the forensics firm this week. The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop.
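For an Okta customer, the practical question raised by Bradbury’s two statements above (what a support engineer can do, and the January 16-21 window) is whether anyone other than the account owner reset a password or MFA factor on their tenant during those five days. The following script is an added example, not code from Okta or from the original article: it scans a System Log export in newline-delimited JSON for exactly those events. It assumes the standard Okta System Log record shape (`eventType`, `published`, `actor`, `target`, `client.ipAddress`, `outcome.result`) and Okta’s published event-type names for password and factor resets; the sample records are constructed, with placeholder user IDs, example.com addresses and documentation IP ranges.

```python
import json
from datetime import datetime, timezone

# Event types that correspond to what a support engineer could do, per
# Bradbury's description (password resets and MFA factor resets). The names
# are assumed to follow Okta's published System Log event-type naming.
SUPPORT_CAPABLE_EVENTS = {
    "user.account.reset_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
}

# The five-day window named in the forensics report. UTC is assumed; the end
# is exclusive so that all of January 21 is covered.
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 22, tzinfo=timezone.utc)


def parse_published(ts):
    """Okta timestamps are ISO-8601 with a trailing 'Z'; give fromisoformat an
    explicit offset so this works on Python versions older than 3.11."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def load_records(ndjson_text):
    """Parse newline-delimited JSON, one System Log record per line."""
    return [json.loads(line) for line in ndjson_text.splitlines() if line.strip()]


def find_support_initiated_resets(records, start=WINDOW_START, end=WINDOW_END):
    """Return reset events inside the window where the actor is not the user
    being reset. Self-service resets are skipped: a help desk does not perform
    those, so they are noise for this hunt."""
    hits = []
    for rec in records:
        if rec.get("eventType") not in SUPPORT_CAPABLE_EVENTS:
            continue
        when = parse_published(rec["published"])
        if not (start <= when < end):
            continue
        actor = rec.get("actor") or {}
        for target in rec.get("target") or []:
            if target.get("type") != "User" or target.get("id") == actor.get("id"):
                continue
            hits.append({
                "published": rec["published"],
                "eventType": rec["eventType"],
                "actor": actor.get("alternateId"),
                "target": target.get("alternateId"),
                "ip": (rec.get("client") or {}).get("ipAddress"),
                "result": (rec.get("outcome") or {}).get("result"),
            })
    return hits


def affected_users(hits):
    """Distinct accounts whose password or factors were reset by someone else."""
    return sorted({h["target"] for h in hits})


# Constructed sample records, not real log data. Only the first and fourth
# lines should be flagged: the second is a self-service reset, the third is a
# login rather than a reset, and the fifth falls after the window.
SAMPLE_LOG = """
{"published":"2022-01-18T10:15:30.000Z","eventType":"user.mfa.factor.reset_all","actor":{"id":"00uSUPPORT","type":"User","alternateId":"helpdesk@example.com"},"client":{"ipAddress":"203.0.113.5"},"outcome":{"result":"SUCCESS"},"target":[{"id":"00uALICE","type":"User","alternateId":"alice@example.com"}]}
{"published":"2022-01-19T08:02:11.000Z","eventType":"user.account.reset_password","actor":{"id":"00uALICE","type":"User","alternateId":"alice@example.com"},"client":{"ipAddress":"198.51.100.7"},"outcome":{"result":"SUCCESS"},"target":[{"id":"00uALICE","type":"User","alternateId":"alice@example.com"}]}
{"published":"2022-01-17T14:40:00.000Z","eventType":"user.session.start","actor":{"id":"00uSUPPORT","type":"User","alternateId":"helpdesk@example.com"},"client":{"ipAddress":"203.0.113.5"},"outcome":{"result":"SUCCESS"},"target":[]}
{"published":"2022-01-21T23:30:45.000Z","eventType":"user.account.reset_password","actor":{"id":"00uSUPPORT","type":"User","alternateId":"helpdesk@example.com"},"client":{"ipAddress":"203.0.113.5"},"outcome":{"result":"SUCCESS"},"target":[{"id":"00uCAROL","type":"User","alternateId":"carol@example.com"}]}
{"published":"2022-01-25T09:00:00.000Z","eventType":"user.mfa.factor.reset_all","actor":{"id":"00uSUPPORT","type":"User","alternateId":"helpdesk@example.com"},"client":{"ipAddress":"192.0.2.9"},"outcome":{"result":"SUCCESS"},"target":[{"id":"00uBOB","type":"User","alternateId":"bob@example.com"}]}
"""

if __name__ == "__main__":
    for hit in find_support_initiated_resets(load_records(SAMPLE_LOG)):
        print(hit)
```

Run against a real export, every hit is a user whose password or factors were reset by someone else during the window; the actor and source IP on each hit are what to compare against the suspicious addresses Okta says it shared with the provider. Failed attempts are kept (see the `result` field) rather than filtered, since a failed reset by an unexpected actor is still worth a look.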
Okta’s stock price was down $5.49, or about 3.2%, as of mid-afternoon ET on Tuesday. An analyst at Truist, Joel Fishbein, reportedly called the claimed breach “concerning” as he cut his rating on Okta.
Lapsus$ specified that it did not access Okta itself. “Our focus was ONLY on okta customers,” the group said in its Telegram post.
Lapsus$ is believed to operate in South America. Over the past month, vendors including Nvidia and Samsung Electronics confirmed the theft of data by the threat actor. On March 1, for instance, Nvidia said that “we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”
Stolen Nvidia data reportedly included designs of graphics cards and source code for DLSS, an AI rendering system. Meanwhile, on Monday, Lapsus$ claimed to have posted Microsoft source code for Bing, Bing Maps and Cortana. Microsoft said it is aware of the claims and is investigating them.
Experts have said that Lapsus$’ motives remain unclear, given the lack of financial demands in the past.