- Okta found no evidence of an ongoing security incident, the company said Tuesday, following claims that the extortion group Lapsus$ breached the identity and access management firm.
- The company believes screenshots connected with the breach claim are related to a January security incident where Okta "detected an attempt to compromise the account of a third-party customer support engineer working for one of our sub-processors," the company said in a statement. A sub-processor investigated and contained the January incident.
- The hacking group Lapsus$ has also claimed responsibility for alleged breaches at Nvidia in February and Microsoft on Monday. The group claimed to have accessed source code for Bing, Bing Maps and Cortana, according to screenshots from the group's official Telegram channel posted on Twitter by research group vx-underground, which shares malware source code and samples. A Microsoft spokesperson said that "we are aware of the claims and are investigating.”
Okta has more than 15,000 customers and partners, including the three biggest cloud service providers, Amazon Web Services, Microsoft and Google Cloud, the company said in year-end filing with the Securities and Exchange Commission.
An Okta spokesperson said it is continuing its investigation and will provide more information as it becomes available.
The company was one of many caught by the Log4j vulnerability, which impacted customer agent products, the company said in a December statement. Okta deployed mitigations and patches for components of its identity service that used Log4j shortly after initial disclosure and continued to track subsequently disclosed vulnerabilities associated with the Java-based logging utility.
The Lapsus$ breach claims sent a number of companies rushing to respond. The group on Telegram shared claims of breaches and leaks at Samsung, LG Electronics and Microsoft, according to screenshots shared by vx-underground.
Inquiries to Samsung and LG were not immediately returned.
The group also claimed responsibility for the Nvidia breach in February. Following the breach, which resulted in a data leak and credential theft, Nvidia took steps to shore up security, hired incident response experts and notified law enforcement.
"We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict," a spokesperson said in a statement.