TechnologyOkta Says Hundreds of Its Customers May Have Been...

Okta Says Hundreds of Its Customers May Have Been Caught In Hack

-

- Advertisment -spot_img
Illustration of Okta's logoIMAGE SOURCE,REUTERS

Hundreds of organisations that rely on Okta to provide access to their networks may have been affected by a cyber-attack on the company.

Okta said the “worst case” was 366 of its clients had been affected and their “data may have been viewed or acted upon” – its shares fell 9% on the news.

It says it has more than 15,000 clients – from big companies, including FedEx, to smaller organisations, such as Thanet District Council, in Kent.

Cyber-gang Lapsus$ is behind the hack.

The ransomware group “is a South American threat actor that has recently been linked to cyber-attacks on some high-profile targets”, according to Ekram Ahmed, of cyber-security company Checkpoint .

“The cyber-gang is known for extortion, threatening the release of sensitive information, if demands by its victims are not made” he said.

The group has previously claimed to have broken into some high-profile companies, including Microsoft.

In a blog post, Microsoft said Lapsus$ had gained only limited access, after compromising a single account, but no customer code or data was involved.

Concern mounted

Okta initially said the attack, in January, involved a third-party contractor, a “sub-processor”, and “the matter was investigated and contained”.

“There is no evidence of ongoing malicious activity beyond the activity detected in January,” it said.

But as concern mounted, Okta published a series of updated blog posts providing more detail.

Chief security officer David Bradbury revealed the hackers had accessed the computer of a customer-support engineer working for the sub-processor, over a five-day period in mid-January.

The attack had been “analogous to walking away from your computer at a coffee shop, whereby a stranger has – virtually, in this case – sat down at your machine and is using the mouse and keyboard”, he said.

But the engineer’s computer had not provided “god-like access”, the hackers had been constrained in what they could do, Okta itself had not been breached and remained fully operational.

“There are no corrective actions that need to be taken by our customers,” Mr Bradbury added.

‘Extreme vigilance’

The contractor employing the engineer, Sykes, part of the Sitel Group, said it was “confident there is no longer a security risk”.

But in collaboration with external cyber-security experts, it would “continue to investigate and assess potential security risks to both our infrastructure and to the brands we support around the globe”.

Lapsus$ said, in online posts, it had not stolen “any databases from Okta” and was focused only on its customers.

None of Okta’s clients has reported any issues – but Mr Ahmed urged “extreme vigilance and cyber-safety practices”.

“The full extent of the cyber-gang’s resources should reveal itself in the coming days,” he added.

Multiple applications

One of Okta’s clients, Cloudflare, said, in a blog post, it did not believe it had been compromised.

FedEx told the Reuters news agency it had “no indication that our environment has been accessed or compromised”.

Thanet, which uses Okta to simplify the way staff manage and sign on to multiple applications, told BBC News the hack “has not compromised the security of the council’s data” but it “will continue to monitor the situation”.

Britain’s National Cyber Security Centre said it had “not seen any evidence of impact in the UK”.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Leading Iraqi Dentist Partners with Oxford Dental Academy

Saif AlShaker, an Iraqi dentist specialized in the field of dental treatment, restoration and cosmetic dentistry, and who holds...

Dr. Elsa Boulos Ties the Knot! Influencer Says “I Do”

Congratulations are in order for Dr. Elsa Boulos, who recently walked down the aisle in a beautiful ceremony! Elsa...

Anas Kabbani continues to be successful in the world of cars and luxury watches

In recent years, businessman Anas Kabbani has managed to make his own name in the world of cars and...

DATAI, Most Innovative AI Award, arrives in Asia, from Morocco, Dubai

DATAI, Most Innovative AI Award, arrives in Asia, from Morocco, Dubai by: AsiaTV studios Most Innovative Woman of the Year by...
- Advertisement -spot_imgspot_img

DATAI, Most Innovative AI Award, arrives in Asia, from Morocco, Dubai

by: AsiaTV studios Most Innovative Woman of the Year by Gawad Pilipino Awards, Amira Mawloud, from the nobility of Marrakesh,...

Xander’s Who Are You tour with LatinTV lands in El Salvador

In a spectacular fusion of beauty, culture, and artistry, Xander Pratt, the avant-garde artist from Morocco, recently graced the...

Must read

Leading Iraqi Dentist Partners with Oxford Dental Academy

Saif AlShaker, an Iraqi dentist specialized in the field...

Dr. Elsa Boulos Ties the Knot! Influencer Says “I Do”

Congratulations are in order for Dr. Elsa Boulos, who...
- Advertisement -spot_imgspot_img

You might also likeRELATED
Recommended to you