WASHINGTON (Reuters) -Okta Inc, whose authentication expert services are used by providers together with Fedex Corp and Moody’s Corp to supply entry to their networks, reported on Tuesday that it experienced been hit by hackers and that some prospects might have been influenced.
The scope of the breach is nevertheless unclear, but it could have important penalties since 1000’s of companies count on San Francisco-primarily based Okta to handle access to their networks and programs.
Main Security Officer David Bradbury claimed in a weblog post that a customer aid engineer performing for a third-party contractor had his pc accessed by the hackers for a five-working day time period in mid-January and that “the opportunity effects to Okta consumers is limited to the obtain that support engineers have.”
“There are no corrective actions that need to have to be taken by our buyers,” he mentioned.
However, Bradbury acknowledged that guidance engineers were able to assist reset passwords and that some consumers “may possibly have been impacted.” He reported the business was in the approach of determining and getting in contact with them.
The mother nature of that impact wasn’t apparent and Okta did not straight away answer to an electronic mail inquiring how many businesses ended up likely afflicted or how that squared with Okta’s assistance that buyers did not require to just take corrective action.
The company’s shares have been down 1.3% at $167.14 in late afternoon buying and selling, off previously lows.
On its web-site, Okta describes by itself as the “identity service provider for the world-wide-web” and states it has much more than 15,000 clients on its system.
It competes with the likes of Microsoft Corp, PingID, Duo, SecureAuth and IBM to deliver identification solutions these as single indication-on and multifactor authentication made use of to help customers securely accessibility on the internet apps and sites.
Okta’s statement follows the submitting of a sequence of screenshots of Okta’s internal communications by a team of ransom-trying to find hackers identified as Lapsus$ on their Telegram channel late on Monday.
In an accompanying concept, the team claimed its focus was “ONLY on Okta consumers.”
Lapsus$ responded to Okta’s statement on Tuesday by declaring the enterprise was trying to lower the great importance of the breach.
Some outside observers weren’t amazed with Okta’s rationalization possibly.
“In my belief, it appears to be like like they are attempting to downplay the attack as significantly as doable, likely as far as directly contradicting them selves in their personal statements,” stated Monthly bill Demirkapi, an impartial protection researcher.
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, previously informed Reuters that Okta buyers ought to “be very vigilant suitable now.”
There were previously symptoms that Okta prospects had been getting motion to revisit their safety.
Net infrastructure corporation Cloudflare issued a comprehensive rationalization https://blog site.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise of how it reacted to the Okta breach and stating the organization did not believe it had been compromised as a final result.
FedEx mentioned in a assertion that it as well was investigating and “we now have no sign that our environment has been accessed or compromised.” Moody’s did not return a information searching for remark.
Lapsus$ is a relatively new entrant to the crowded ransomware marketplace but has already created waves with substantial-profile hacks and consideration-in search of habits.
The group compromised the sites of Portuguese media conglomerate Impresa earlier this 12 months, tweeting the phrase “Lapsus$ is now the new president of Portugal” from a single newspaper’s Twitter accounts. The Impresa-owned media outlets described the hack as an assault on push independence.
Very last month, the group leaked proprietary information and facts about U.S. chipmaker Nvidia Corp to the Net.
Far more just lately the team has purported to have leaked source code from a number of big tech companies, which include Microsoft. In a web site write-up https://www.microsoft.com/stability/weblog/2022/03/22/dev-0537-felony-actor-targeting-corporations-for-information-exfiltration-and-destruction released Tuesday and devoted to Lapsus$, the application business verified that a single of its accounts had been compromised, “getting constrained obtain.”
The hackers did not respond to a concept remaining on their Telegram group chat trying to find remark.
(Reporting by Raphael Satter in WashingtonAdditional reporting by James Pearson in LondonEditing by Jonathan Oatis and Stephen Coates)
Copyright 2022 Thomson Reuters.