Published On: Fri, Apr 29th, 2022

Okta confirms Jan crack after hackers tell screenshots of the inner network

Identity hulk Okta has reliable a Jan confidence occurrence after hackers posted screenshots overnight apparently display entrance to a company’s inner systems.

The Lapsus$ hacking organisation published several screenshots to a Telegram channel purporting to uncover inner Okta applications, Jira bug ticketing system, and a company’s Slack on Jan 21. Lapsus$ claimed it did not take information from Okta, and that a concentration was on targeting Okta customers.

Okta is used by thousands of organizations and governments worldwide as a singular sign-on provider, permitting employees to firmly entrance a company’s inner systems, such as email accounts, calendars, applications and more.

Okta arch executive Todd McKinnon reliable a crack in a twitter thread overnight on Mar 22: “In late Jan 2022, Okta rescued an try to concede a criticism of a third celebration patron support operative operative for one of a subprocessors. The matter was investigated and contained by a subprocessor.”

“We trust a screenshots common online are connected to this Jan event. Based on a review to date, there is no justification of ongoing antagonistic activity over a activity rescued in January.”

Okta has not nonetheless named a subprocessor, and has not nonetheless responded to TechCrunch’s questions about a breach.

In an updated statement, Okta’s arch confidence officer David Bradbury pronounced a concede was with one of Okta’s third-party providers over a five-day window between Jan 16-21, 2022. Forbes is stating that a association in doubt is Sykes, a association acquired by Sitel Group in Jul 2021. In a brief statement, Sitel pronounced it was “confident there is no longer a confidence risk,” though declined to criticism on a attribute with a customers, and did not immediately answer a questions.

Security researcher Bill Demirkapi pronounced that a screenshots enclose several artifacts that advise a hackers might have used Sykes’ remote entrance collection and VPN to benefit entrance to Okta’s network.

Lapsus$ has targeted several big-name companies in new weeks, including Nvidia and Samsung. Just this week Microsoft pronounced it was questioning a probable confidence breach. According to Wired, a organisation focused on Portuguese-language targets, including Portuguese media hulk Impresa, and a South American telecom companies Claro and Embratel.


If we know some-more about a Okta crack or work during a company, get in hold with a confidence table on Signal during +1 646-755-8849 or zack.whittaker@techcrunch.com by email.

About the Author