Okta Tumbles After Hacking Group Lapsus$ Claims Data Breach

(Bloomberg) — The hacking group Lapsus$ claims it gained internal access to the system privileges of Okta, the San Francisco-based company that manages user authentication services for thousands of corporate clients.

On its Telegram channel, Lapsus$ posted screenshots of its alleged access to Okta administrative and other systems. 

“For a service that powers authentication systems to many of the largest corporations … I think these security measures are pretty poor,” Lapsus$ commented in the channel.

Okta shares fell 4.8% as the market opened in New York on Tuesday. 

“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor,” Chief Executive Officer Todd McKinnon wrote in a Twitter post. “We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” 

In its posts, Lapsus$ also said it did not access or steal any databases from Okta. “Our focus was only on Okta customers,” one comment noted.

Cloudflare Inc., a website security company that is a customer of Okta’s, was aware that Okta may have been compromised, CEO Matthew Prince said on Twitter.

“We are resetting the Okta credentials of any employees who’ve changed their passwords in the last 4 months, out of abundance of caution. We’ve confirmed no compromise. Okta is one layer of security. Given they may have an issue, we’re evaluating alternatives for that layer,” he added. 

Lapsus$ also had touted leaks of employee accounts for LG Electronics Inc. and source code for Bing, the Microsoft Corp. search engine, and Cortana, Microsoft’s virtual assistant.

Microsoft said it’s investigating the claims of a breach. An LG spokeswoman said in a text message that the company assumed email accounts of employees were leaked but there appears to be no damage to customer data.

The Lapsus$ group has emerged only in recent months, offering to pay employees at global corporations for access to their company.

The gang uses the messaging app Telegram to publish updates, market itself and distribute purportedly leaked information. While the identity of the members remains a mystery, the group has repeatedly stated that it’s motivated to make money, rather than create disruptions on behalf of any nation-state. 

Lapsus$ represents an anomaly among apparent cybercriminal gangs in that there is no evidence that the group has deployed malicious software in any of its attacks, according to the threat intelligence firm Digital Shadows Ltd.

(Updates with shares and background on Lapsus$)


©2022 Bloomberg L.P.
