“Okta is aware of the reports and is currently investigating,” Okta spokesperson Chris Hollis told CNN in a statement. “We will provide updates as more information becomes available.”
The company’s software allows businesses to authenticate the identity of their customers and employees. Okta has more than 15,000 customers, according to its website.
Shares of Okta were down nearly 8% in premarket trading Tuesday.
Reuters first reported that Okta was looking into reports of a possible digital breach after a hacking group known as Lapsus$ claimed responsibility for the incident and published screenshots claiming access to an Okta internal administrative account and the firm’s Slack channel.
Lapsus$, a mysterious hacking group that emerged in December, claimed on the messaging app Telegram that it did not steal any databases from Okta itself, but that “our focus was ONLY on Okta customers.”
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors,” McKinnon tweeted, referring to a subcontractor that works with Okta. “The matter was investigated and contained by the subprocessor.”
Lapsus$ has claimed to have stolen data from several high-profile corporate victims since December. The group began by focusing on Latin American victims and some security researchers suspect the group is based in Latin America.
But much about the group is a mystery. There is no evidence that the hackers have used ransomware to try to extort the victims, according to a March 17 analysis by cybersecurity firm Digital Shadows. The group appears to have tried to recruit rogue employees at companies who would be willing to cough up passwords to help with the hacks, Digital Shadows analysts said.
Lapsus$ has gone out of its way on its Telegram channel to emphasize that it is “not state sponsored” and that its “only goal is money.”