A cyber-attack on Okta may have impacted hundreds of organisations that rely on the business to provide network connectivity.
Okta reported that in the “worst case,” 366 of its clients were affected and that their “data may have been accessed or acted upon” – the company’s stock dropped 9% as a result of the announcement.
It claims to have over 15,000 customers, ranging from large corporations like FedEx to smaller businesses like Thanet District Council in Kent.
The breach was carried out by the cyber-gang Lapsus$.
According to Ekram Ahmed of cyber-security firm Check Point, the ransomware gang “is a South American threat actor that has recently been linked to cyber-attacks on certain high-profile targets.”
The gang has claimed to have broken into a number of high-profile companies, including Microsoft, in the past.
Microsoft stated in a blog post that Lapsus$ had only gotten restricted access after compromising a single account, but that no customer code or data had been compromised.
The attack in January, according to Okta, involved a third-party contractor known as a “sub-processor,” and “the situation was probed and contained.”
However, as public concern grew, Okta issued a series of updated blog posts that provided more information.
Over a five-day period in mid-January, hackers gained access to the computer of a customer-support engineer working for the sub-processor, according to Chief Security Officer David Bradbury.
However, the engineer’s computer did not grant “god-like access,” the hackers were limited in their actions, and Okta was not compromised and remained fully operational.
The engineer’s employer, Sykes, a Sitel Group company, said it was “certain there is no longer a security concern.”
However, it would “continue to examine and assess any security vulnerabilities to both our infrastructure and the brands we support around the world” in partnership with external cyber-security specialists.
Cloudflare, one of Okta’s clients, stated in a blog post that it did not believe it had been hacked.
The National Cyber Security Centre in the United Kingdom said it has “not observed any evidence of impact in the United Kingdom.”