Lapsus Okta hack details revealed. According to Reuters, Okta, an authentication firm used by thousands of organizations across the world, is looking into reports of a possible breach. The leak follows a posting on Lapsus$’s Telegram channel showing purported screenshots of Okta’s internal systems, including one that appears to show Okta’s Slack groups and another with a Cloudflare interface.
If a hacker were to compromise Okta, it could have significant consequences for the businesses, universities, and government institutions that rely on Okta to authenticate user access to internal systems.
Lapsus$ claimed to have had “Superuser/Admin” access to Okta’s systems for two months, according to its Telegram channel, but it said its attention was solely on Okta customers. The Wall Street Journal reports that Okta has over 15,000 clients around the world, including Peloton, Sonos, T-Mobile, and the FCC.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event.”
-Okta spokesperson Chris Hollis
Lapsus Okta hack: Lapsus$ claimed to have had “Superuser/Admin” access
“There is no evidence of continuing malicious behavior beyond the activity detected in January,” Hollis added. Writing on its Telegram channel, however, Lapsus$ said it had access for a few months.
LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof.
The photos we are sharing have been edited so no sensitive information or user identities are displayed.
Image 1 – 4 attached below. pic.twitter.com/nR8V56dLu2
— vx-underground (@vxunderground) March 22, 2022
What is Lapsus$?
Lapsus$ is a hacking group that has been linked to a number of high-profile hacks of Nvidia, Samsung, Microsoft, and Ubisoft, in which it has stolen hundreds of terabytes of sensitive data.