WASHINGTON — Okta, an authentication service used by thousands of companies around the world, has said it's found "no evidence of ongoing malicious activity" after a hacking group posted screenshots it said were of the company's internal systems.
According to CNBC, hacking group Lapsus$ posted screenshots online late Monday and claimed it had access to some of Okta's internal services.
In response, Okta's CEO revealed Tuesday the company had "detected an attempt to compromise the account of a third party customer support engineer" in January.
Okta CEO Todd McKinnon tweeted they investigated the situation and "believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."
The company later issued an updated statement from its chief security officer, David Bradbury, which said the service "has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers."
Bradbury explained the company received a report from a forensics firm this week that outlined that the attacker had access to a support engineer's laptop from Jan. 21-26, 2022. However, he described the potential impact to Okta customers being limited to the access support engineers have.
While those support engineers can reset passwords and multi-factor authentication factors for users, they can't obtain the passwords, according to Bradbury.
On its website, Okta describes itself as "the identity provider for the internet" and its long list of customers includes the likes of jetBlue, FedEx, T-Mobile, Major League Baseball, Peloton and thousands more.
To many, Okta's confirmation of the January breach came far too late. Security professionals told Forbes that they were "outraged" by the lack of disclosure from the company, and questions about the attack's severity remain.
Bradbury said the company is still investigating and working to identify and contact customers who may have been impacted.
"We take our responsibility to protect and secure our customers' information very seriously. We are deeply committed to transparency and will communicate additional updates when available," Bradbury added.
The CEO of Cloudflare, one of Okta's customers whose details were included in the hackers' screenshots, said it confirmed their company had not been compromised.
"Thankfully, we have multiple layers of security beyond Okta, and would never consider them to be a standalone option," Cloudflare CEO Matthew Prince said in a tweet.
According to Reuters, the hacker group said its focus was only on Okta customers. Lapsus$ has previously targeted other high-profile victims including Samsung, Ubisoft and Nvidia.
Meanwhile, Microsoft is also investigating claims the group had gained access to its internal systems, Vice reported.
