Okta investigates a data breach: 15,000 customers potentially affected

Organizations like Peloton, T-Mobile, and the FCC are on high alert due to a breach possibly carried out by the Lapsus$ group

Lapsus$ hacker group strikes again

Okta is investigating a data breach that could potentially affect more than 15,000 customers. Lapsus$ claims responsibility.

Okta, an identity and authentication provider used by thousands of companies worldwide, reports that it is investigating a possible customer data breach. The Lapsus$ hacking group has claimed responsibility.[1] Screenshots backing these claims were posted to the group's Telegram channel. The criminals claim to have compromised Okta's internal systems and accessed customer data.[2]

A compromise of Okta's systems could cause major problems for its customers, because universities, government agencies, and businesses rely on Okta to authenticate user access to their internal systems. The publicly traded company, which provides software services to major organizations, is valued at more than $6 billion and employs over 5,000 people worldwide.

Lapsus$ claims to have had admin access to Okta.com and its systems for some time.[3] The hackers say they are targeting Okta's customers rather than Okta itself, which is the main concern: the company has more than 15,000 customers worldwide, and Peloton, Sonos, the FCC, and T-Mobile are among them.

Security incident under the investigation

Okta says it is still analyzing the incident and will release more information as the investigation progresses.[4] A company spokesperson stated that an attempted compromise had been detected:

In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.

This account is consistent with the screenshots and claims posted by the hacking group. It is possible that the attackers have had access to the information for several months. However, the company states that the malicious activity was a single incident in January and that there is currently no evidence of an attacker's presence in its systems.

Activities related to the same hacking group

The Lapsus$ group has recently claimed to have breached systems at major companies including Nvidia, Samsung, Microsoft, and Ubisoft. These incidents also involved the theft of large amounts of confidential data.[5] The threat actors have already stolen source code for Cortana and Bing. The criminals typically announce these incidents themselves.

Recent reports in various news outlets describe evidence of the attack on Microsoft's systems. Screenshots suggesting the intrusion were published on Twitter, and Telegram conversations were exposed. The group leaked source code obtained from an internal Azure DevOps server.

A 9 GB 7-Zip archive containing source code for over 250 Microsoft-related projects was published via torrent. However, this is only a portion of what was taken: the threat actors may have obtained 37 GB of source code believed to belong to Microsoft.

This data-extortion group compromises corporate systems to steal source code, customer lists, databases, and other valuable data. The theft is followed by direct extortion: the group demands a ransom in exchange for not publicly exposing the stolen information.

It is not known exactly how these breaches happen, but researchers believe insiders are involved. The group has openly announced that it buys access to corporate networks from employees, which lends weight to this theory. Whatever the method, the hackers have been achieving their goals.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst and the founder and owner of 2-Spyware. He currently serves as Editor-in-chief.
