According to Okta, the investigation into a security breach finds no evidence of a new attack

Identity management provider Okta inc

OCTA -2.92%

said Tuesday that a preliminary investigation found no evidence of ongoing malicious activity after hackers posted images they said were of the company’s internal systems.

The screenshots most likely related to a previous security incident in January that has already been fixed, the San Francisco-based company said in a statement posted to its website overnight.

More than 15,000 customers worldwide, including multinationals, universities and governments, rely on Okta’s software to securely manage access to their systems and verify user identities, according to a recent filing.

The investigation into Okta came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, allegedly showing that it had gained access to Okta.com’s Administrator and other systems. The images were also shared on other forums, including Twitter.

The group said it has not accessed or stolen data from Okta itself, and its focus is on the San Francisco-based company’s customers.

Ransomware attacks are becoming more prevalent, casualty losses are skyrocketing and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the US can do to combat them. Photo illustration: Laura Kammermann

Okta said in its statement that it believes the released screenshots were linked to an attempt in January to compromise the account of an outside customer service technician working for a sub-processor. It said the matter had been investigated and contained by the sub-processor.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond that observed in January,” Okta said.

One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare inc,

an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the infringement lawsuit but said there was no evidence its systems had been compromised. It said it would reset the credentials of any employees who had changed their passwords in the past four months.

“Okta is a security plane. Since they may have an issue, we are evaluating alternatives for that tier,” Mr. Prince wrote before Okta’s statement was released.

Mr. Prince later wrote that he had yet to receive a satisfactory response to concerns about a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating a vulnerability known as “Log4Shell,” which affected a Java-based logging utility found in a number of software products.

The latest infringement lawsuit once again puts the spotlight on LAPSUS$, which claims to have recently successfully hacked a number of high-profile targets. In late February, the group claimed to have stolen a terabyte of data from chip company Nvidia corp

It has also claimed infringement at Samsung Electronics co

In their post exposing the Nvidia hack, the group said it was not government sponsored and that “we are NOT involved in politics AT ALL”.

Representatives from Nvidia and Samsung did not immediately respond to requests for comment.

write to Dan Somach at [email protected] and Ben Otto at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

Comments are closed.