LAPSUS$ hackers attack authentication firm Okta

Authentication services provider Okta is investigating a report of a digital breach, after hackers posted screenshots showing what they claimed was its internal company environment.
A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications, Reuters reported on Tuesday.

Okta official Chris Hollis said the breach could be related to an earlier incident in January, which was contained.

At the time, Okta had detected an attempt to compromise the account of a third-party customer support engineer, Hollis said.

“We believe the screenshots shared online are connected to this January event,” he said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was ONLY on Okta customers.

Security experts told Reuters the screenshots appeared to be authentic.

“I definitely do believe it is credible,” said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta’s internal tickets and its in-house chat on the Slack messaging app.

Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be very vigilant right now.

Okta’s authentication services are used by companies including FedEx and Moody’s to provide access to their networks. Okta confirmed that some customers may have been affected.

The scope of the breach is still unclear, but it could have major consequences because thousands of companies rely on San Francisco-based Okta to manage access to their networks and applications.

Okta Chief Security Officer David Bradbury said in a blog post that a customer support engineer working for a third-party contractor had his computer accessed by the hackers for a five-day period in mid-January and that the potential impact to Okta customers is limited to the access that support engineers have.

“There are no corrective actions that need to be taken by our customers,” he said.

Bradbury acknowledged that support engineers were able to help reset passwords and that some customers may have been impacted. He said the company was in the process of identifying and contacting them.

On its website, Okta describes itself as the identity provider for the internet and says it has more than 15,000 customers on its platform.

Okta competes with Microsoft, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multifactor authentication used to help users securely access online applications and websites.
