In the wake of a security breach affecting enterprise security provider Okta, the company says everything is fine. Despite hackers posting screenshots on Tuesday allegedly divulging internal information, Okta claims its customers don’t need to take any corrective actions.
A ‘Previously Undisclosed Incident’ in January
In January 2022, Okta became aware of an attempt to compromise a third-party customer support engineer’s account. The security firm alerted the customer service provider to the situation. It also terminated that user’s active Okta sessions and suspended the account.
After those preventative steps, Okta shared pertinent information, including IP addresses suspected of being part of the breach, to help with the investigation. After the investigation’s conclusion, Okta received a report from the forensics firm this week.
According to that report, the hackers maintained access to the support engineer’s laptop from Jan. 16 through Jan. 21. Okta believes the screenshots shared Tuesday were from that intrusion.
The Scope of the Okta Security Breach
In a statement, Okta claims the impact of the breach is “limited to the access that support engineers have.” Such personnel can see trouble tickets and lists of users, and can reset passwords and Multi-Factor Authentication factors for users.
They cannot, Okta says, actually obtain those passwords. The company claims its own investigation remains underway. Okta says it will identify and contact any impacted customers. This matters because even if the breach leaked no passwords, lists of usernames alone could benefit hackers.
It’s a common practice for hackers, once they know someone’s username, to use social engineering to obtain access to that individual’s account. They can impersonate the user, change email addresses, and otherwise attempt to get a working password for the login.
Okta Chief Security Officer David Bradbury noted the breach had “no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.” Thousands of companies rely on Okta’s authentication services, though, not just FedEx and medical providers.
Many Customers Go Unnotified of the Breach
A relatively new hacker group, Lapsus$, has taken credit for the breach. On the group’s Telegram channel, the hackers posted the aforementioned screenshots (via Reuters). Recently, Lapsus$ leaked proprietary information about Nvidia.
Dan Tentler, founder of cybersecurity consultancy Phobos Group, said he believed the breach was real. Okta, again, has not yet bothered notifying any of its customers, other than through the statement on the company’s website.
One Mac Observer reader, Builders FirstSource service desk specialist Warren Sklar, was surprised to learn Okta knew of the breach months ago. Sklar’s employer is one of Okta’s customers, and hasn’t received any notification. Sklar said he and his coworkers “laughed at the irony of a 2FA company being hacked, but not notifying customers right away.”