The Okta before the storm?

Share This Post

The internet is a buzz today after data extortion group Lapsus$ posted screenshots on its Telegram channel. They claim the screenshots to be of Okta’s backend administrative consoles and customer data.

Worryingly, Lapsus$ claims to have not gone after Okta for their data, but to target Okta’s customers.

Okta claims that they have seen no evidence of continued breach after security incident which occurred in late January involving the account of a third party customer support engineer.

Companies who rely on Okta for identity management and authentication services are being instructed to ‘remain vigilant and on high alert’. Monitor user activity, especially that of privileged users and admins, and watch of unusual activity.

Okta has a white paper on Leveraging Identity Data in Cyber Attack Detection and Response, which could be helpful in the effort to be vigilant.

https://www.okta.com/resources/whitepaper/leveraging-identity-data-in-cyber-attack-detection-and-response/

If any meaningful IoCs or more information comes to light, we will share it here.





Reach out to our incident response team for help

More To Explore

Information Security News – 7/28/2025

U.S. Nuclear Weapons Department Compromised in SharePoint Attack Article Link: https://www.neowin.net/news/us-nuclear-weapons-department-compromised-in-sharepoint-attack/ Humans Can Be Tracked with Unique ‘Fingerprint’ Based on How Their Bodies Block Wi-Fi

Information Security News – 7/21/2025

Google Gemini Flaw Hijacks Email Summaries for Phishing Article Link: https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/   Hackers Exploit a Blind Spot Hiding Malware Inside DNS Records Article Link: https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.