Okta, an authentication company used by thousands of organizations around the world, has now confirmed an attacker had access to one of its employees’ laptops for five days in January 2022 — but claims its service “has not been breached and remains fully operational.”
The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.
Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems.
But in a statement on Tuesday afternoon, Okta now says that an attacker would only have had limited access during that five-day period — limited enough that the company claims “there are no corrective actions that need to be taken by our customers.”
Here’s what Okta chief security officer David Bradbury says is and isn’t at stake when one of its support engineers is compromised: