On Tuesday, Okta announced it has been hacked. The company says a group calling itself the Lapsus$ hacker group socially engineered an account used by a single user. The company says it was not hacked internally, and has no plans to change its security measures. But the security breach has left many businesses wondering: what can they do to protect their data? The breach was the first major security incident since the start of the year. Okta, an access management company, competes with Duo and PingID. While the scope of the attack is unknown, it is likely related to another security issue that took place in January. The company has been in business since 2009, and describes itself as an identity provider for the internet. There are currently more than 15,000 users using the service.
The hacking group, meanwhile, claims to have accessed Okta's systems and thin client for two months. They were able to find the AWS keys of users on Slack channels. They also claimed to have discovered Okta storing sensitive data in Slack channels. This suggests that they were using their access to zero in on its users. The company has more than 15,000 customers, so the hacker's target list is likely to be huge. The breach is also likely to affect other companies, including JetBlue, Grubhub, T-Mobile, Peloton, Fidelity, and many others. The hackers are posting screenshots of their internal systems in an effort to spread their malicious code.
While Okta says it found no evidence of malicious activity, this is not the end of the story. A more comprehensive investigation is needed to learn more about the scope of the Okta hack. A hacking group called Lapsus$ has claimed responsibility for the breach. The group also published screenshots of an account and a Slack channel. CEO Todd McKinnon said that these screenshots are related to the security breach. He stated that the hackers were targeting the Latin American users of the company's apps.
While this may not be a security breach, it is still a security risk. The hackers have posted screenshots of Okta's internal systems. Some of them have already reset the user's passwords and have posted malicious content to the Slack channel. However, the hacking group may still be using the compromised system to access other sites, including some of the largest companies in the world. Despite the recent hacking attempt, the security risks are minimal. While encryption is not sufficient anymore, it still isn't enough. The hacking group Lapsus$ claims to have had access to Okta's systems for two months. They allegedly used a thin client to break into the company's system. It also accessed its Slack channels.
The hacking group has not disclosed the name of the hackers, but has revealed screenshots of their victims. The hacking group Lapsus$ has posted screenshots of the internal systems of Okta. The hackers used a thin client to gain access to Okta's systems, which includes Slack channels and a Slack botnet. Besides the stolen passwords, the hackers could access sensitive internal information. The hacking group is now targeting the accounts of millions of users. Although it is hard to know which user accounts are compromised, Okta has a robust identity management system that allows it to identify affected users and reset their passwords. The company has over 15,000 users. This could mean major security implications for their customers. The hacking group has posted screenshots of internal systems. The hackers reportedly gained access to the Slack channels. They also obtained information that contains AWS keys. While the Okta breach was a massive breach, it has been revealed that it was a hacking of an authentication service provider. The hacker gained access to these systems through the thin client used by employees in Slack channels. This means that the attackers were able to get access to company data. Thankfully, the user-data of these accounts was encrypted and is now safe.
This is our 3rd attempt at sharing the 5th - 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.
Photos 5 - 8 attached below. pic.twitter.com/KGlI3TlCqT — vx-underground (@vxunderground) March 22, 2022
LAPSUS$ extortion group has released source code to Bing, Bing Maps, and Microsoft Cortana.
They state that each release is incomplete (not the entire source code). — vx-underground (@vxunderground) March 22, 2022
In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2) — Todd McKinnon (@toddmckinnon) March 22, 2022
We are aware that @Okta may have been compromised. There is no evidence that Cloudflare has been compromised. Okta is merely an identity provider for Cloudflare. Thankfully, we have multiple layers of security beyond Okta, and would never consider them to be a standalone option. — Matthew Prince 🌥 (@eastdakota) March 22, 2022