Hundreds of businesses potentially affected by Okta hack

Hundreds of organizations that rely on Okta to provide access to their networks may have been affected by a cyberattack on the enterprise.

Okta said the “worst case scenario” was that 366 of its customers had been affected and their “data may have been accessed or exploited” – its shares fell 9% on the news.

It says it has more than 15,000 customers – from large companies, including FedEx, to smaller organisations, such as Thanet District Council in Kent.

The Lapsus$ cyber gang is behind the hack.

The ransomware group “is a South American threat actor that has recently been linked to cyberattacks on some high-profile targets,” according to Ekram Ahmed of cybersecurity firm Check Point.

“The cyber gang is notorious for its extortion, threatening to release sensitive information if its demands are not met by its victims,” he said.

The group has previously claimed to have broken into some top companies, including Microsoft.

In a blog post, Microsoft said Lapsus$ was only granted limited access, after compromising a single account, but no customer code or data was involved.

Concern mounted

Okta initially said the attack, in January, involved a third-party contractor, a “sub-contractor”, and that “the matter has been investigated and contained”.

“There is no evidence of ongoing malicious activity beyond the activity detected in January,” it said.

But as the concern grew, Okta released a series of updated blog posts providing more details.

Security manager David Bradbury revealed the hackers gained access to the computer of a customer support engineer working for the contractor, over a five-day period in mid-January.

The attack had been “analogous to walking away from your computer in a cafe, where a stranger has – virtually, in this case – sat in front of your machine and is using the mouse and keyboard,” he said.

But the engineer’s computer had not given the hackers “god-like access”: they had been limited in what they could do, Okta itself had not been hacked and it remained fully operational.

“No corrective action needs to be taken by our customers,” added Mr. Bradbury.

“Extreme Vigilance”

The contractor that employs the engineer, Sykes, which is part of the Sitel Group, said it was “confident that there is no longer a security risk”.

But together with external cybersecurity experts, it would “continue to investigate and assess potential security risks to our infrastructure and to the brands we support around the world.”

Lapsus$ said in online posts that it had not stolen “any database from Okta” and had only been focused on Okta’s customers.

None of Okta’s customers reported any issues – but Mr Ahmed called for “extreme vigilance and cybersecurity practices”.

“The extent of the cyber gang’s resources should be revealed in the coming days,” he added.

Multiple applications

One of Okta’s customers, Cloudflare, said in a blog post that it did not believe it had been compromised.

FedEx told the Reuters news agency that there was “no indication that our environment has been accessed or compromised”.

Thanet, which uses Okta to simplify the way staff manage and log into multiple apps, told BBC News the hack “has not compromised the security of the council’s data” but that it would “continue to monitor the situation”.

Britain’s National Cyber Security Centre said it had “seen no evidence of impact in the UK”.