Authentication firm Okta hit by hackers, customers 'may have been impacted'
- Okta Inc. announced on Tuesday that it had been hacked and that some clients may have been affected
- The breadth of the breach is still unknown, but it might have significant ramifications
- 'There are no corrective actions that need to be taken by our customers,' Okta spokesperson said
Okta Inc., whose authentication services are used to grant access to networks by organisations such as Fedex Corp and Moody's Corp, announced on Tuesday that it had been hacked and that some clients may have been affected.
The breadth of the breach is still unknown, but it might have significant ramifications because Okta, based in San Francisco, manages access to hundreds of businesses' networks and applications.
In a blog post, Chief Security Officer David Bradbury stated that hackers accessed a customer support engineer working for a third-party contractor's computer for five days in mid-January, adding that "the potential impact to Okta customers is limited to the access that support engineers have."
"There are no corrective actions that need to be taken by our customers," he said.
Nonetheless, Bradbury admitted that support engineers were able to assist consumers in resetting passwords and that some customers "may have been impacted." He stated that the company was identifying and contacting them.
The nature of that damage was unclear, and Okta did not respond immediately to an email asking how many businesses could be affected or how it squared with Okta's recommendation that customers did not need to take corrective action.
In late afternoon trading, the company's shares were down 1.3 percent at $167.14, off earlier lows.
Okta advertises itself as the "identity provider for the internet" and claims to have over 15,000 customers on its platform.
It competes with Microsoft Corp, PingID, Duo, SecureAuth, and IBM in the provision of identity services such as single sign-on and multifactor authentication, which are used to allow users securely access online apps and websites.
Okta's announcement comes after a group of ransom-seeking hackers known as Lapsus$ posted a series of screenshots of Okta's internal interactions on their Telegram channel late on Monday.
The group stated in an accompanying post that its focus was "ONLY on Okta customers."
Lapsus$ replied to Okta's statement on Tuesday by claiming that the firm was attempting to downplay the significance of the hack.
Some outside observers were also unimpressed by Okta's answer.
"In my opinion, it looks like they're trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements," Bill Demirkapi, an independent security researcher, stated.
Earlier this week, Dan Tentler, founder of cybersecurity consultancy Phobos Group, warned Reuters that Okta clients should "be very vigilant right now."
Lapsus$ is a newcomer to the crowded ransomware market, but it has already created a name for itself with high-profile hacks and attention-seeking activities.
Earlier this year, the group took over the websites of Portuguese media conglomerate Impresa, tweeting the statement "Lapsus$ is now the new President of Portugal" from one of the newspaper's Twitter accounts. The hack was portrayed as an attack on press freedom by Impresa-owned media firms.
Last month, the organisation published confidential material regarding the US chipmaker Nvidia Corp on the Internet.