The Okta before the storm?


The internet is abuzz today after data extortion group Lapsus$ posted screenshots on its Telegram channel. The group claims the screenshots show Okta’s backend administrative consoles and customer data.

Worryingly, Lapsus$ claims it went after Okta not for Okta’s own data, but to target Okta’s customers.

Okta claims that they have seen no evidence of a continued breach after a security incident that occurred in late January involving the account of a third-party customer support engineer.

Companies that rely on Okta for identity management and authentication services are being instructed to ‘remain vigilant and on high alert’. Monitor user activity, especially that of privileged users and admins, and watch for unusual activity.

Okta has a white paper on Leveraging Identity Data in Cyber Attack Detection and Response, which could be helpful in the effort to be vigilant.

https://www.okta.com/resources/whitepaper/leveraging-identity-data-in-cyber-attack-detection-and-response/

If any meaningful IoCs or more information comes to light, we will share it here.




