Okta is responding to concerns that it was hacked by inadvertently creating more confusion.
On Tuesday, Okta published an updated statement concerning the potential breach of its systems, which many observers fear exposed access to 15,000 corporate customers, including major companies. The group allegedly behind the breach, LAPSUS$, has posted screenshots that supposedly show the hackers had administrative access to Okta’s internal systems.
The company’s latest statement says “the Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.” Still, the same statement notes that back in January, the company did detect an attempt to compromise an account belonging to an Okta customer support engineer working at a third-party provider.
The company describes the hacking attempt as “unsuccessful,” pointing to how it suspended the customer support engineer’s access. However, a report from a third-party forensics firm later found the attackers had “a five-day window of time” between Jan. 16-21 to access the engineer’s laptop.
"This is consistent with the screenshots (LAPSUS$ shared) that we became aware of yesterday," the company added.
Okta left unsaid why it didn’t notify customers about the potential breach, but did note the third-party forensics firm only supplied its report on the January hack this week. Even so, Okta is claiming its customers shouldn’t worry, citing how the affected customer support engineer had limited access to company systems.
“These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data—for example, Jira tickets and lists of users— that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and MFA (multi-factor authentication) factors for users, but are unable to obtain those passwords,” the company wrote.
However, LAPSUS$ claims Okta is downplaying the severity of the incident. “I do enjoy the lies given by Okta,” the group wrote in its public chat room minutes after Okta published the updated statement.
“I'm STILL unsure how it's an unsuccessful attempt?” the group added. “Logged in to superuser portal with the ability to reset the Password and MFA of ~95% of clients isn't successful?” In addition, LAPSUS$ claims the customer support engineer had access to 8,600 channels over the workplace chat app Slack, which many companies use.
The alleged breach also occurs as LAPSUS$ recently managed to infiltrate Nvidia, Samsung, and possibly Microsoft. This has sparked concern that the hackers did so by breaking into Okta, a provider of authentication systems for companies across the globe.
Okta did not immediately respond to a request for comment. But the company’s statement notes: “We are actively continuing our investigation, including identifying and contacting those customers that may have been impacted.
“We take our responsibility to protect and secure our customers' information very seriously. We are deeply committed to transparency and will communicate additional updates when available,” the company added.