Okta investigating a reported data breach
Overview
On Tuesday the Lapsus$ extortion gang published details of what they claim is a breach of identity provider Okta. The company downplayed the risk and said an attempted compromise was contained in January, with no evidence of ongoing malicious activity. A later update admitted that a “small percentage of customers” (2.5%) have been impacted.
Impact
A successful compromise of an identity provider could lead to malicious actors being able to log in to customer networks.
It’s not clear from their statements whether that has happened in this case.
Vulnerability Detection
Okta are identifying and contacting customers who may have been impacted.
Containment, Mitigations & Remediations
Okta maintain that no corrective actions need to be taken.
Indicators of Compromise
None given.
Threat Landscape
Lapsus$ have hit a number of high-profile targets in recent months. A breach of their identity provider could be an explanation, but it’s still not clear from public information whether this was the point of entry in those incidents.
MITRE Methodologies
T1195.002 – Compromise Software Supply Chain
T1199 – Trusted Relationship
Further Information
Okta Official Statement on LAPSUS$ Claims
Updated Okta Statement on LAPSUS$