The Okta before the storm?

Share This Post

The internet is a buzz today after data extortion group Lapsus$ posted screenshots on its Telegram channel. They claim the screenshots to be of Okta’s backend administrative consoles and customer data.

Worryingly, Lapsus$ claims to have not gone after Okta for their data, but to target Okta’s customers.

Okta claims that they have seen no evidence of continued breach after security incident which occurred in late January involving the account of a third party customer support engineer.

Companies who rely on Okta for identity management and authentication services are being instructed to ‘remain vigilant and on high alert’. Monitor user activity, especially that of privileged users and admins, and watch of unusual activity.

Okta has a white paper on Leveraging Identity Data in Cyber Attack Detection and Response, which could be helpful in the effort to be vigilant.

https://www.okta.com/resources/whitepaper/leveraging-identity-data-in-cyber-attack-detection-and-response/

If any meaningful IoCs or more information comes to light, we will share it here.





Reach out to our incident response team for help

More To Explore

Information Security News – 6/23/2025

Law Enforcement Takedowns Disrupt Cybercrimes Across the Globe Article Link: https://cyberscoop.com/cybercrime-crackdown-operation-endgame-operation-secure/   Microsoft 365 to Block File Access Via Legacy Auth by Default Article link:

Information Security News – 6/16/2025

Grocery Wholesale Giant United Natural Foods Hit by Cyberattack Article Link: https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/ The Worsening Landscape of Educational Cybersecurity Article Link: https://blog.knowbe4.com/the-worsening-landscape-of-educational-cybersecurity Gov. Abbott Signs Texas

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.