Authentication firm Okta probes report of digital breach
Sign up now: Get ST's newsletters delivered to your inbox
Thousands of companies rely on Okta to manage access to their networks and applications.
PHOTO: REUTERS
Follow topic:
WASHINGTON (REUTERS) - Okta, whose authentication services are used by companies including Fedex and Moody's to provide access to their networks, is investigating a report of a digital breach after hackers posted screenshots of what they said was internal information.
Okta shares traded down around 5 per cent after the market opened on Tuesday (March 22).
The scope of the hack is unknown, but it could have major consequences because thousands of companies rely on San Francisco-based Okta to manage access to their networks and applications.
In a statement, Okta official Chris Hollis said the hack could be related to an earlier incident in January, which he said was contained. Okta had detected an attempt to compromise the account of a third party customer support engineer at the time, said Mr Hollis.
"We believe the screenshots shared online are connected to this January event," he said. "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."
On its website, Okta describes itself as the "identity provider for the Internet" and says it has more than 15,000 customers on its platform.
It competes with the likes of Microsoft, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multi-factor authentication used to log-in to online applications and websites.
The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was "ONLY on Okta customers".
Security experts told Reuters the screenshots appeared to be authentic.
"I definitely do believe it is credible," said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta's internal tickets and its in-house chat on the Slack messaging app.
Mr Dan Tentler, the founder of cyber-security consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be "very vigilant right now".
