Okta says breach evidence posted by Lapsus$ hackers linked to January 'security incident'

Okta says that a rapid investigation into shared screenshots that appear to show a data breach has found that they relate to a “contained” security incident that took place in January 2022.

Okta, an enterprise identity and access management firm, launched an inquiry after the LAPSUS$ hacking group posted screenshots on Telegram that the hackers claimed were taken after obtaining access to “Okta.com Superuser/Admin and various other systems.”


The images were shared over Telegram and various social media networks this week. 

“For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor[…],” LAPSUS$ said. “Before people start asking, we did not access/steal any databases from Okta — our focus was only on Okta customers.”

In an emailed statement on Tuesday, Okta said the screenshots shared online “appear to be connected to a security event in late January.”

Okta said:

“In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event.”

Read More: https://www.zdnet.com/article/okta-says-breach-evidence-shared-by-lapsus-ransomware-group-linked-to-january-hack-attempt/#ftag=RSSbaffb68