Security News > 2022 > March > Authentication oufit Okta investigating Lapsus$ breach report

Authentication oufit Okta investigating Lapsus$ breach report
2022-03-22 13:00

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals.

Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

Oz Alashe, CEO of CybSafe and chair of the UK government's DCMS Industry Expert Advisory Group on Cyber Resilience, said: "The potential attack on Okta is a striking reminder of the supply chain's cyber risks. Cybercriminals will often identify the route of least resistance. An authentication tool such as Okta provides the opportunity to breach hundreds of large enterprises in one sweep."

Alashe cautioned: "While Okta's investigation is ongoing, it's important the security community doesn't jump to conclusions and harass its security team at this challenging time."

Cloudflare, which uses Okta as an identity provider, announced it would be resetting the Okta credentials of employees.

The Register contacted Okta for comment, but the company only repeated the tweeted comments of McKinnon.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/22/okta_lapsus/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Okta 8 1 4 5 0 10