A cyber-attack on Okta may have impacted hundreds of organizations that rely on the business to provide network connectivity.
Okta reported that in the “worst case,” 366 of its clients were affected and that their “data may have been accessed or acted upon” – the company’s stock dropped 9% as a result of the announcement.
It claims to have over 15,000 customers, ranging from large corporations like FedEx to smaller businesses like Thanet District Council in Kent.
The breach was carried out by the cyber-gang Lapsus$.
According to Ekram Ahmed of cyber-security firm Checkpoint, the ransomware gang “is a South American threat actor that has recently been linked to cyber-attacks on certain high-profile targets.”
“The cyber-gang is infamous for extortion, threatening the publication of sensitive information if its victims do not comply with their demands,” he said.
The gang has claimed to have broken into a number of high-profile companies, including Microsoft, in the past.
Microsoft stated in a blog post that Lapsus$ had only gotten restricted access after compromising a single account, but that no customer code or data had been compromised.
Concerns grew.
The January attack, according to Okta, involved a third-party contractor known as a “sub-processor,” and “the situation was probed and contained.”
“Aside from the activities observed in January, there is no evidence of continued malicious activity,” it stated.
However, as public concern grew, Okta issued a series of updated blog posts that provided more detail.
Over a five-day period in mid-January, hackers gained access to the computer of a customer-support engineer working for the sub-processor, according to Chief Security Officer David Bradbury.
He described the attack as “analogous to walking away from your computer at a coffee shop, where a stranger has sat down at your machine and is utilizing the mouse and keyboard.”
However, the engineer’s computer did not grant “god-like access”: the hackers were limited in what they could do, and Okta itself was not compromised and remained fully operational.
“Our clients are not required to take any corrective activities,” Mr. Bradbury continued.
The engineer’s employer, Sykes, a Sitel Group company, said it was “certain there is no longer a security concern.”
However, it would “continue to examine and assess any security vulnerabilities to both our infrastructure and the brands we support around the world” in partnership with external cyber-security specialists.
In online remarks, Lapsus$ claimed that it had not stolen “any databases from Okta” and that it was solely focused on its clients.
Although no difficulties have been detected by Okta’s clients, Mr. Ahmed advises “great caution and cyber-safety practices.”
“In the following days, the full breadth of the gang’s cyber-resources should be revealed,” he continued.
A variety of applications
Cloudflare, one of Okta’s clients, stated in a blog post that it did not believe it had been hacked.
“There is no indication that our environment has been hacked or compromised,” FedEx told Reuters.
Thanet, which uses Okta to make it easier for employees to manage and sign in to different apps, told BBC News that the attack “has not affected the council’s data’s security,” but that it “will continue to monitor the situation.”
The National Cyber Security Centre in the United Kingdom said it has “not observed any evidence of impact in the United Kingdom.”