Okta

2022-03-22

Okta authentication company’s customer data targeted by the Lapsus$ gang (unknown)

The Lapsus$ cybercriminal group exposed screenshots and messages showing it had successfully breached identity platform Okta. Read about it and see how to ...

That is, of course, if the attacker has not already added backdoors or more content or tooling on the system to allow them to access it again. Phone-based MFA might sound like a good method but in fact it is not, being vulnerable to SIM swapping attacks. This way, if the attacker has already done a password reset and owns access, they will be unable to get the new password and will therefore not be able to access the system again. Its targeting is global, and it has already targeted organizations in technology, IT, telecom, media, retail, healthcare and government. Okta confirmed the breach and communicated about it via its website. According to Okta, approximately 2.5% of its customers have potentially been impacted and might have had their data viewed or acted upon.

Lapsus$ group claims Okta supply chain attacks (unknown)

The Lapsus$ extortion group posted screenshots to its Telegram channel Monday night that they say prove they breached identity management vendor Okta.

"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors." "None of Lapsus$' claims should be taken at face value," he said via electronic chat. Lapsus$ is a group that extorts companies under the threat of leaking data - ransom without the ransomware - best known for leaks of Samsung files.

Okta says screenshots from January hack could impact 366 customers (unknown)

Hacker group shared screenshots with Telegram users, saying they believed Okta's security is "pretty poor."

"If true, the breach at Okta may explain how Lapsus$ has been able to achieve part of its recent string of successes," Check Point noted in a blog post. Okta's comment comes after a group calling itself Lapsus$ posted screenshots of what they claimed was the company's internal environment through the messenger service Telegram. They added, "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor." Okta, an online identity authentication service used by thousands of U.S. companies to protect their computer networks, said a purported breach of its systems is related to an earlier incident this year.

Okta says security protocols limited hack, but response came too slow (unknown)

Authentication company Okta has maintained that security protocols contained the worst impacts of a system breach from hacking group Lapsus$

Graphics card manufacturer Nvidia was also hacked by the group in late February, and had employee credentials leaked online. Details of the breach were compiled by a forensic investigation firm that had been engaged shortly after the unauthorized access was discovered, but the full report had not been provided to Okta until recently, according to Bradbury. “Today I want to provide my perspective on what has transpired, and where we are with this investigation.”

Why Okta Stock Was Tumbling Today (unknown)

New details about a security breach pushed the stock down again today.

The company said it had already contacted those customers directly by last night. As of 12:50 p.m. ET, the stock was down 8.1%. It had fallen nearly as much yesterday before recovering most of those losses in a broad market rally. In a follow-up post after hours last night, Chief Security Officer David Bradbury explained that after an investigation into the hacker's claims, it found that at most 366 of its customers, or approximately 2.5% of its customers, were potentially impacted by the hack.

Authentication firm Okta's shares slide after hack warning (unknown)

Hundreds of customers of digital authentication firm Okta Inc have possibly been affected by a security breach caused by a hacking group known as Lapsus$, ...

People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration

Okta hack may have impacted 366 clients; company says it should have acted faster (unknown)

The Okta hack revealed yesterday, and which dated back to January, may have impacted up to 366 clients, says the company's chief security ...

Upon reflection, once we received the Sitel summary report we should have moved more swiftly to understand its implications. I am greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report. While it is not a necessary step for customers, we fully expect they may want to complete their own analysis.

Okta investigating reports of possible digital breach (unknown)

Okta is investigating reports of a possible digital breach, the software company said early Tuesday.

Lapsus$ has claimed to have stolen data from several high-profile corporate victims since December. The group began by focusing on Latin American victims and some security researchers suspect the group is based in Latin America. But much about the group is a mystery. "In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors," McKinnon tweeted, referring to a subcontractor that works with Okta. "The matter was investigated and contained by the subprocessor." Shares of Okta were down nearly 8% in premarket trading Tuesday. Reuters first reported that Okta was looking into reports of a possible digital breach after a hacking group known as Lapsus$ claimed responsibility for the incident and published screenshots claiming access to an Okta internal administrative account and the firm's Slack channel. Lapsus$, a mysterious hacking group that emerged in December, claimed on the messaging app Telegram that it did not steal any databases from Okta itself, but that "our focus was ONLY on Okta customers."

Okta hack puts thousands of businesses on high alert (unknown)

Okta says it's investigating reports of a potential breach. Hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta's ...

However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.” In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack.

Authentication firm Okta says it has found no evidence of new attack after hackers claim breach (unknown)

Okta is an authentication and identity management software company that is used by more than 15,000 organizations. Hacking group Lapsus$ posted screenshots ...

"Thousands of companies use Okta to secure and manage their identities. Any data breach of Okta has raised concerns that hackers could get access to other organizations using Okta's products. "The matter was investigated and contained by the subprocessor."

Your data. Your experience. (unknown)

The Lapsus$ hacking group published several screenshots to its Telegram channel purporting to show internal Okta applications on January 21. Lapsus$ claimed it ...


Okta Breached By Lapsus$, Exposing Customer Data, Group Claims (unknown)

Ransomware gang Lapsus$ strikes again, posting screenshots to its Telegram channel Tuesday of what it alleges are data from customers of identity security ...

Okta is the world’s largest pure-play identity security provider, with sales in the fiscal year ended Jan. 31, 2022, surging to $1.3 billion, up 56 percent from $835.4 million a year earlier. Earlier this month, Lapsus$ said it stole Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls. Okta co-founder and CEO Todd McKinnon said the screenshots shared by Lapsus$ are believed to be connected to an incident from late January, with no evidence of ongoing malicious activity beyond what happened then. Shortly after publication, Lapsus$ removed the post and published the message “Deleted for now will repost later.” The actors then leaked some proprietary Nvidia information online. Independent security researcher Bill Demirkapi told the news agency that he believes the screenshots are credible.

Okta Says Probe Into Security Breach Finds No Evidence of New Attack (unknown)

Identity management provider Okta said a preliminary investigation found no evidence of any ongoing malicious activity after hackers posted images they said ...


'No evidence' of malicious activity but supply chain attack fears linger (unknown)

A fresh Lapsus$ attack on Okta has been denied by the company, but the hackers may have enough data to launch supply chain attacks.

Earlier this week, marketing platform Hubspot revealed its systems had been compromised, leading to supply chain attacks on a number of its customers in the cryptocurrency space. "An authentication tool such as Okta provides the opportunity to breach hundreds of large enterprises in one sweep." If Lapsus$ has gained access to Okta customer data, the businesses involved could become targets for a supply chain breach. Last month it claimed to have breached Nvidia, Samsung and Vodafone, before launching an attack on games publisher Ubisoft. Yesterday, Tech Monitor reported that Microsoft had become the group's latest victim after screenshots of code purporting to be from the company's Azure cloud platform were posted online. Lapsus$ has become one of the most talked-about hacking groups of 2022 after a string of attacks on high-profile targets. “For a service that powers authentication systems to many of the largest corporations, I think these security measures are pretty poor,” the message reads.

LAPSUS$ ransomware group claims Okta breach (unknown)

The ransomware group claims that it has had access to customer records since January 2022; Okta says there is no evidence of ongoing malicious activity.

It also showed possible superuser access, and screenshots of Okta's internal Jira and Slack instances. In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.

Here’s what to know about the reported hack on Okta (unknown)

Okta, which helps people at more than 15000 organizations securely log in to online systems, said the issue was limited to a January hack attempt.

The shadowy organization released screenshots that appeared to show access to Okta internal systems, including an internal ticketing system and a Slack chat, Reuters reports. We believe the screenshots shared online are connected to this January event.

Authentication firm Okta probes report of digital breach (unknown)

Authentication services provider Okta Inc. is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots ...

The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was “ONLY on Okta customers.” “We believe the screenshots shared online are connected to this January event,” he said. WASHINGTON — Authentication services provider Okta Inc. is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment.


Okta Finds No Evidence of Ongoing Malicious Activity Following Data Breach (unknown)

Okta is investigating a digital breach after a hacking group posted screen shots on social media of what was claimed to be the authentication service ...

Okta CEO Todd McKinnon said in a tweet Tuesday that there was no evidence to date of ongoing malicious activity following a digital breach.

Factbox-What is Okta, hacked authentication services provider (unknown)

(Reuters) - San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online aut...

Okta said the breach could be connected to an earlier incident in January. Okta sells identity services, such as Single Sign-On and Multi-factor Authentication used to log in to online applications and websites. (Reuters) – San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online authentication services, said it was investigating a digital breach on Tuesday.

Okta denies security incident as Lapsus$ group goes on a spree (unknown)

The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.

The Lapsus$ breach claims sent a number of companies rushing to respond. A Microsoft spokesperson said that "we are aware of the claims and are investigating." A sub-processor investigated and contained the January incident.

Lapsus$ Gang Claims Okta Hack (unknown)

Lapsus$ leaking Microsoft source code would be bad enough. Breaching Okta could be much, much worse.

When you have this type of access for an identity platform like Okta, though, the potential impacts are exponentially more extreme. A potential breach of an organization as big and security-conscious as Microsoft would be significant in itself, but the group followed the post with something even more alarming: screenshots apparently taken on January 21 that seem to show Lapsus$ in control of an Okta administrative or “super user” account. On Monday evening, the Lapsus$ digital extortion gang published a series of increasingly shocking posts in its Telegram channel.

Okta says screenshots revealing hack stem from January incident (unknown)

Hacker group shared screenshots with Telegram users, saying they believed Okta's security is "pretty poor."

"If true, the breach at Okta may explain how Lapsus$ has been able to achieve part of its recent string of successes," Check Point noted in a blog post. Okta, an online identity authentication service used by thousands of U.S. companies to protect their computer networks, said a purported breach of its systems is related to an earlier incident this year. A hack at Okta could pose risks for corporations and workers, given that the service is used by more than 15,000 organizations.

Alleged Lapsus$ Cyberattack Victim List Grows: Microsoft, Nvidia, Okta, Samsung & More (unknown)

Lapsus$ hacker group has allegedly launched successful cyberattacks against Microsoft, Nvidia, Okta, Samsung & other businesses.

This information should not be accessible from the compromised network. Lapsus$ surfaced in December 2021 and has been plenty busy since that time. Still, Samsung stopped short of blaming the alleged culprit — Lapsus$ — for the breach. Still, some observers expressed concern that Okta partners and customers could potentially suffer from a supply chain attack. Attackers have since leaked some Nvidia company information online, but the cyberattack did not impact the company’s operations and there’s no evidence that ransomware was deployed on Nvidia’s network, the chip maker has stated. * Nvidia: A cyberattack targeting Nvidia allegedly involved the Lapsus$ ransomware gang.

Lapsus$ breach may impact hundreds of customers (unknown)

Okta said 2.5% of its customers may have been impacted by a data breach by the threat actor Lapsus$, though the vendor didn't specify how.

“Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft researchers said. “Support engineers do have access to limited data – for example, Jira tickets and lists of users – that were seen in the screenshots,” he said. “The statement is purely a legal word soup,” Sandvik said. “Upon reflection, once we received the Sitel summary report we should have moved more swiftly to understand its implications.” These engineers “are unable to create or delete users, or download customer databases.” Bradbury also identified the third-party provider as Sitel, which provides Okta with contract workers for customer support.

Authentication Firm Okta Says up to 366 Customers Potentially Hit by Hack (unknown)

By Raphael Satter. WASHINGTON (Reuters) - Hundreds of customers of digital authentication firm Okta Inc have possibly been affected by a security breach ...

Okta first got wind of the breach in January, he added, while the Miami-based Sitel Group only received a forensic report about the incident on March 10, giving Okta a summary of the findings a week later. Bradbury said the intrusion would not have given "god-like access" to the intruders as they would have been unable to perform actions such as downloading customer databases or accessing Okta's source code. WASHINGTON (Reuters) - Hundreds of customers of digital authentication firm Okta Inc have possibly been affected by a security breach caused by a hacking group known as Lapsus$, the company said on Tuesday.

Your data. Your experience. (unknown)

Hello friends and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.


Okta Hack? Customers Scramble as Okta Tries to Clarify Breach (unknown)

Authentication firm Okta's statements on the Lapsus$ breach leave key questions unanswered.

The latter is the main mechanism Lapsus$ hackers would likely have abused to take over Okta logins at target organizations and infiltrate. The timing coincides with Lapsus$'s decision to release screenshots, via Telegram, that claim to detail its Okta administrative account access from late January. On Tuesday evening, about eight hours after posting Bradbury's statement, Okta updated the notice with some expanded information.

Ransomware Group Claims Major Okta Breach (unknown)

Screenshots that ransomware gang Lapsus$ released this week suggest the threat actor also stole Microsoft source code.

Given the fact that the screenshots Lapsus$ has posted date back to Jan. 21, the group has had the time to act on any information it was able to find, Slavin says. "There is no evidence Lapsus$ had access to customer data." In the past two months, Lapsus$ has posted data that it claims to have accessed from multiple other companies including Nvidia, Samsung, Ubisoft, and Vodafone. It's not clear at all if any of these incidents were facilitated by the access the threat group had to Okta's environment — or even if these organizations are customers of Okta in the first place. One of the screenshots suggests the attackers gained access to Okta customer Cloudflare's environment and had the ability to reset employee passwords, he says. "This was verified by comparing the timestamp of their message and the time stamp of the source code they ended up leaking." Ronen Slavin, CTO and co-founder at Cycode, says the significance of the Okta incident hinges on whether Lapsus$ was able to access customer data. "We do see in the screenshots access to Jira tickets, and Jira can contain some awfully sensitive information that could easily facilitate lateral movement," he says. "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January," he said. In messages that Lapsus$ posted on its Telegram channel, the ransomware group made it clear that it was not targeting Okta's database, but rather its customers, Demirkapi says. One researcher who analyzed screenshots that the ransomware group posted Monday said they indicated the attackers had used a third-party customer support engineer's system to gain access to an Okta back-end administrative panel for managing customers — among other things. The other images showed the attackers had managed to access at least some source code related to Microsoft's Bing search engine, Bing Maps, and its Cortana virtual assistant.
Of particular concern is that Okta apparently was aware of the incident in late January but did not disclose it until this week — potentially heightening data breach risks for its customers.

Okta concedes hundreds of clients could be affected by breach (unknown)

A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late ...

"[W]e have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon," Okta chief security officer David Bradbury said in a statement. Okta has over 15,000 customers, according to its website. It's been nearly 24 hours since Okta publicly acknowledged the apparent hack after a mysterious hacking group known as Lapsus$ published screenshots claiming access to an Okta internal administrative account and the firm's Slack channel. The breach created alarm among cybersecurity experts because of how popular the service is with big organizations and the potential access that a hacker could acquire by targeting Okta. But Bradbury said Tuesday that the Okta service itself hadn't been breached, and the hackers had instead accessed the laptop of an engineer who was providing technical support to Okta. "The potential impact to Okta customers is limited to the access that support engineers have," Bradbury said. The Okta Inc. website on a smartphone arranged in Dobbs Ferry, New York, U.S., on Sunday, Feb. 28, 2021. A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late Tuesday amid an ongoing investigation of the breach.

Okta says up to 366 customers ‘have potentially been impacted’ by hacker attack (unknown)

WASHINGTON (Reuters) - Digital authentication firm Okta Inc said late Tuesday that up to 366 of its customers were possibly affected by the security b...

Okta: Lapsus$ attackers had access to support engineer's laptop (unknown)

Okta says that a rapid investigation into the sharing of screenshots appearing to show a data breach has revealed they relate to a "contained" security ...

"The potential impact to Okta customers is limited to the access that support engineers have. Support engineers do have access to limited data -- for example, Jira tickets and lists of users -- that were seen in the screenshots." "The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop." "In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors." "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor[...]," LAPSUS$ said. How the group managed to breach these targets has never fully been clear to the public.

New hack took aim at identity provider Okta (unknown)

A hacking group that previously took responsibility for attacks on Nvidia and Microsoft claimed Monday that it had compromised Okta, which provides "single ...

* Cloudflare CEO Matthew Prince tweeted, "There is no evidence that Cloudflare has been compromised..." Support engineers can "facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords." * Okta chief security officer David Bradbury published a blog post Tuesday, noting that a forensics report on the January incident concluded "there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop."

Okta says cyber incident had ‘no impact’ on FedRAMP customers (unknown)

Okta's federal customers include the Federal Communications Commission, the Centers for Medicare and Medicaid Services and the Department for Veterans Affairs.

According to the company, in January it detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider. “We are actively continuing our investigation, including identifying and contacting those customers that may have been impacted. There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers,” Okta said in a statement Tuesday.

Okta Says Hundreds of Its Customers May Have Been Caught In Hack (unknown)

The leading identity-verification provider seeks to allay concerns about the impact from the breach in its security by the Lapsus$ group.

Okta said the attack had affected as many as 366 customers, or 2.5% of the more than 15,000 businesses and institutions it services world-wide. HONG KONG— Okta Inc., one of the world’s leading providers of digital identity verification, said that a January data breach revealed by hackers this week may have affected hundreds of customers that rely on its software to manage secure access to their internal computer networks.

Okta names Sitel in Lapsus$ security incident impacting up to 366 customers (unknown)

The analogy "walking away from your computer at a coffee shop" has been used to describe the incident.

"This incident will only serve to strengthen our commitment to security [...]," Bradbury commented. "Upon reflection, once we received the Sitel summary report last week, we should have, in fact, moved more swiftly to understand its implications." An alert was issued on January 20 that a new multi-factor authentication (MFA) addition was "attempted" on the Sitel support engineer's account. However, Bradbury claimed that the "attempted" MFA enrollment was "unsuccessful." The images appeared to show that the attackers had obtained access to "Okta.com Superuser/Admin and various other systems." A day later, indicators of compromise (IoCs) were shared by Okta with Sitel, which also hired investigative help.
