According to Okta, the investigation into a security breach finds no evidence of a new attack
Identity management provider Okta inc
said Tuesday that a preliminary investigation found no evidence of ongoing malicious activity after hackers posted images they said were of the company’s internal systems.
The screenshots most likely related to a previous security incident in January that has already been fixed, the San Francisco-based company said in a statement posted to its website overnight.
More than 15,000 customers worldwide, including multinationals, universities and governments, rely on Okta’s software to securely manage access to their systems and verify user identities, according to a recent filing.
The investigation into Okta came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, allegedly showing that it had gained access to Okta.com’s Administrator and other systems. The images were also shared on other forums, including Twitter.
The group said it has not accessed or stolen data from Okta itself, and its focus is on the San Francisco-based company’s customers.
Okta said in its statement that it believes the released screenshots were linked to an attempt in January to compromise the account of an outside customer service technician working for a sub-processor. It said the matter had been investigated and contained by the sub-processor.
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond that observed in January,” Okta said.
One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare inc,
an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the infringement lawsuit but said there was no evidence its systems had been compromised. It said it would reset the credentials of any employees who had changed their passwords in the past four months.
“Okta is a security plane. Since they may have an issue, we are evaluating alternatives for that tier,” Mr. Prince wrote before Okta’s statement was released.
Mr. Prince later wrote that he had yet to receive a satisfactory response to concerns about a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating a vulnerability known as “Log4Shell,” which affected a Java-based logging utility found in a number of software products.
The latest infringement lawsuit once again puts the spotlight on LAPSUS$, which claims to have recently successfully hacked a number of high-profile targets. In late February, the group claimed to have stolen a terabyte of data from chip company Nvidia corp
It has also claimed infringement at Samsung Electronics co
In their post exposing the Nvidia hack, the group said it was not government sponsored and that “we are NOT involved in politics AT ALL”.
Representatives from Nvidia and Samsung did not immediately respond to requests for comment.
Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8