Okta, a provider of authentication services, announced on Tuesday that it was investigating a report of a breach after hackers posted screenshots of what they claimed was its internal company environment.
Since Okta manages access to thousands of other companies’ networks and applications, a hack could have serious consequences.
Chris Hollis, an Okta official, said the breach may have been related to another incident in January.
An attempt had been made to compromise the account of a third-party customer support engineer at the time, according to Hollis.
“We believe the screenshots shared online are related to the event in January,” he said. According to our investigation, we have found no evidence that malicious activity has continued beyond what we found in January.
LAPSUS$, a group of hackers seeking ransom, posted the screenshots late on Monday to their Telegram channel. According to an accompanying message, Okta customers are the only focus of the group.
According to CNN, security experts said the screenshots appeared to be authentic.
“I definitely do believe that it is genuine,” said independent security researcher Bill Demirkapi, citing screenshots of what appeared to be Okta’s internal tickets and its internal chat on its Slack messaging system.
Security expert Dan Tentler, the founder of the cybersecurity consultancy Phobos Group, said he also believed the breach was real and has urged Okta customers to be ‘very vigilant’ right now.