Hackers have posted credible screengrabs to back reports of an Okta security breach. Otka provides single sign-on user authentication tools in the enterprise sector, with a huge range of blue-chip clients. Its tools are available for Mac and iOS, as well as Windows and Android.
The hacking group LAPSUS$, known for its ransomware attacks, says that it is targeting Otka users …
An Okta compromise is a potentially huge deal for business customers as it provides single sign-on access to both devices and services, so it could allow attackers very substantial access to corporate data.
Okta is a secure identity cloud that links all your apps, logins and devices into a unified digital fabric. With Okta, you’re up and running on day one, with every app and program you use to work, instantly available. Whether you’re at your desktop or on the go, Okta seamlessly connects you to everything you need.
Reuters reports.
Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment.
A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications.
Independent security experts say that that the evidence provided is solid.
“I definitely do believe it is credible,” said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta’s internal tickets and its in-house chat on the Slack messaging app.
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be “very vigilant right now.”
Okta itself confirmed a security breach, which it said was the result of a third-party support engineer’s account being compromised. It says this occurred in January and was ‘contained.’ However, it is concerning that the company does not appear to have notified customers at the time, and no details are yet available on the exact data accessed.
Author: Ben Lovejoy
Source: 9TO5Google