The Lapsus$ group may have hacked Okta. The authentication provider confirms that it is investigating the hack.
Lapsus$ hackers have been very active in recent weeks. Recently, these hackers allegedly captured data from Microsoft, after previously attacking Nvidia and Samsung. In the messages they post on Telegram, they release screenshots of their hack on Okta. These screenshots show that the hackers have access to admin accounts that can modify the accounts of customers of the authentication specialist.
Interest in customer data
It is noteworthy, however, that the hackers indicate that they did not steal any data. In the previous cases involving Lapsus$, data was stolen. The hackers indicate that they were more interested in Okta’s customers than in Okta itself. This, then, is a good example of a classic supply chain attack.
The timestamps on the screenshots show that they date as far back as late January of this year. This would have given the hackers access to the systems for two months. Okta itself has since indicated to Reuters that it is aware of a possible breach and is investigating it.
Much damage possible
A supply chain hack of Okta could cause a lot of damage. With access to customers’ data, hackers can easily penetrate those customers’ systems. Okta provides a single sign-on platform that allows customers to build their own login functionality.
We reached out to Okta for a statement. You can read it below.
In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.