According to Okta, the investigation into a security breach finds no evidence of a new attack

Identity management provider Okta inc

OCTA -7.28%

said Tuesday that a preliminary investigation found no evidence of ongoing malicious activity after hackers posted images they said were of the company’s internal systems.

The screenshots most likely related to a previous security incident in January that has already been fixed, the San Francisco-based company said in a statement posted to its website overnight.

More than 15,000 customers worldwide, including multinationals, universities and governments, rely on Okta’s software to securely manage access to their systems and verify user identities, according to a recent filing.

The investigation into Okta came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, allegedly showing that it had gained access to’s Administrator and other systems. The images were also shared on other forums, including Twitter.

The group said it has not accessed or stolen data from Okta itself, and its focus is on the San Francisco-based company’s customers.

Ransomware attacks are becoming more prevalent, casualty losses are skyrocketing and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the US can do to combat them. Photo illustration: Laura Kammermann

Okta said in its statement that it believes the released screenshots were linked to an attempt in January to compromise the account of an outside customer service technician working for a sub-processor. It said the matter had been investigated and contained by the sub-processor.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond that observed in January,” Okta said.

One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare Inc., an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the infringement lawsuit but said there was no evidence its systems had been compromised. It said it would reset the credentials of any employees who had changed their passwords in the past four months.

“Okta is a security plane. As they may have an issue, we are evaluating alternatives for this shift,” Mr. Prince wrote, ahead of Okta’s statement being released.

Mr. Prince later wrote that he had yet to receive a satisfactory response to concerns about a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating this vulnerability, known as “Log4Shell,” which affected a Java-based logging utility found in a number of software products.

The latest infringement lawsuit once again puts the spotlight on LAPSUS$, which claims to have recently successfully hacked a number of high-profile targets. In late February, the group claimed to have stolen a terabyte of data from chip company Nvidia corp

It has also claimed responsibility for a violation at Samsung Electronics Co. Samsung did not respond to a request for comment.

In their post exposing the Nvidia hack, the group said it was not government sponsored and that “we are NOT involved in politics AT ALL”.

An Nvidia spokesman said employee credentials and some Nvidia proprietary information were leaked in the incident, but said the company had no evidence of ransomware deployment and did not expect the incident to affect its ability to serve customers .

write to Dan Strumpf at and Ben Otto at

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8 According to Okta, the investigation into a security breach finds no evidence of a new attack

Ari Notis is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button