#okta #hacking #security #authentication

Okta, a company dedicated to providing identity and authentication solutions for businesses, may have experienced a hack or security breach.

This Monday, March 21, on a Telegram channel, the Lapsus$ Hackers group posted some screenshots of what they say is evidence that they managed to gain super user admin access to okta.com and several other okta systems.

Several of the aforementioned screenshots can be seen on the Twitter account of @BillDemirkapi , a security researcher.

depending on the extent of the access, this could compromise the security of many accounts and companies that use okta's services for authentication, and allow this group of hackers access to other companies' systems.

Okta CEO @toddmckinnon already tweeted about the issue, indicating that in late January of this year they detected an attempt to compromise the account of an external customer service engineer, expressing that "the matter was investigated and contained" and that the date "there is no evidence of ongoing malicious activity beyond the activity detected in January"

From the screenshot, Bill Demirkapi infers that Lapsus$ may be gaining access through the company's VPNs, since the Cisco AnyConnect icon and GlobalProtect window appear.

Lapsus$ states that none of okta's databases were stolen, that "our focus was ONLY on okta customers."

okta provides its services to more than 15,000 clients among private companies, universities and government agencies.

Okta is a publicly listed company on the NASDAQ stock exchange.