Okta Says Probe Into Security Breach Finds No Evidence of New Attack


Identity management provider Okta Inc. said Tuesday that a preliminary investigation found no evidence of any ongoing malicious activity after hackers posted images they said were of the company’s internal systems.

The screenshots most likely related to an earlier security incident in January, which has already been resolved, the San Francisco-based company said in a statement posted overnight on its website.

More than 15,000 customers world-wide, including multinational companies, universities and governments, rely on Okta’s software to securely manage access to their systems and verify users’ identities, according to a recent filing.

Okta’s investigation came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, purporting to show that it had gained access to Okta.com’s administrator and other systems. The images were also circulated on other forums, including Twitter.

The group said it didn’t access or steal any data from Okta itself and that its focus was on the San Francisco-based company’s customers.

Okta said in its statement that it believed the shared screenshots were tied to an attempt in January to compromise the account of a third-party customer support engineer working for a subprocessor. It said the matter had been investigated and contained by the subprocessor.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Okta said.

One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare Inc., an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the breach claim, but said there was no evidence that its systems were compromised. It said it was resetting the credentials of any employees who had changed their passwords in the previous four months.

“Okta is one layer of security. Given they may have an issue, we’re evaluating alternatives for that layer,” Mr. Prince wrote before Okta’s statement was published.

Mr. Prince later wrote that he hadn’t yet gotten a satisfactory answer to concerns over a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating that vulnerability, known as “Log4Shell,” which concerned a Java-based logging utility found in a number of software products.

The latest breach claim puts the spotlight once more on LAPSUS$, which claims to have successfully hacked a string of high-profile targets recently. In late February, the group said it stole a terabyte of data from chip company Nvidia Corp. It has also claimed responsibility for a breach at Samsung Electronics Co. Samsung didn’t respond to a request for comment.

In its post revealing the Nvidia hack, the group said it wasn’t state sponsored and that “we are not in politics AT ALL.”

An Nvidia spokesman said that employee credentials and some Nvidia proprietary information were leaked in the incident, but said that the company had no evidence of ransomware being deployed and didn’t expect the incident to affect its ability to serve customers.

Write to Dan Strumpf at daniel.strumpf@wsj.com and Ben Otto at ben.otto@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.
