Identity-management provider Okta Inc. OKTA -9.15% said Tuesday that a preliminary investigation found no evidence of any ongoing malicious activity after hackers posted images they said were of the company’s internal systems.
The screenshots most likely related to an earlier security incident in January, which has already been resolved, the San Francisco-based company said in a statement posted overnight on its website.
More than 15,000 customers world-wide—including multinational companies, universities and governments—rely on Okta’s software to securely manage access to their systems and verify users’ identities, according to a recent filing.
Okta investigated after the hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, purporting to show that it had gained access to Okta.com’s administrator and other systems. The images were also circulated on other forums, including Twitter.
The group said that it didn’t access or steal any data from Okta itself and that its focus was on the software company’s customers.
Okta said in its statement that it believed the shared screenshots were tied to an attempt in January to compromise the account of a third-party customer-support engineer working for a subprocessor. It said the matter had been investigated and contained by the subprocessor.
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Okta said.
One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare Inc., an internet-infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the breach claim, but he said there was no evidence that its systems were compromised. Cloudflare said it was resetting the credentials of any employees who had changed their passwords in the previous four months.
“Okta is one layer of security. Given they may have an issue, we’re evaluating alternatives for that layer,” Mr. Prince wrote before Okta published it statement.
Mr. Prince later wrote that he hadn’t received a satisfactory answer to concerns over a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating that vulnerability, known as “Log4Shell,” which concerned a Java-based logging utility found in a number of software products.
The latest breach claim puts the spotlight once more on LAPSUS$, which says it has successfully hacked a string of high-profile targets recently. In late February, the group said it stole a terabyte of data from chip company Nvidia Corp. It has also claimed responsibility for a breach at Samsung Electronics Co. Samsung didn’t respond to a request for comment.
In its post revealing the Nvidia hack, the group said it wasn’t state sponsored and that “we are not in politics AT ALL.”
An Nvidia spokesman said that employee credentials and some Nvidia proprietary information were leaked in the incident but that the company had no evidence of ransomware being deployed. He said Nvidia didn’t expect the incident to affect its ability to serve customers.
Write to Dan Strumpf at [email protected] and Ben Otto at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the March 23, 2022, print edition as ‘Okta Says Probe Found No Evidence of New Breach.’
