Businesses on high alert as Okta report possible data breach

Okta, an authentication company used by thousands of organisations around the world, has confirmed it is investigating news of a potential breach

Cloud identity and access management provider Okta has confirmed that it's investigating a potential breach after the LAPSUS$ hacking group posted screenshots of what appears to be the back-end of Okta’s systems.

In a statement, Okta official Chris Hollis said the breach could be related to an earlier incident in January, which was contained. Okta had detected an attempt to compromise the account of a third-party customer support engineer at the time, said Hollis.

“We believe the screenshots shared online are connected to this January event,” he said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January”.

Growing attack surface leads to increasing security concerns 

A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications.

Oliver Pinson-Roxburgh, CEO at Bulletproof, said: “As the gatekeeper to the networks and data of thousands of organisations, a breach at Okta would have significant consequences. Even before the veracity of such an incident is confirmed, it is imperative for businesses to take proactive steps now - any delay risks the potential attack spreading. Businesses should be monitoring for any bad actors and compromised systems, and should any be found, containing the impact and working to restore normal operations as swiftly as possible.

Pinson-Roxburgh explained that as businesses become even more interconnected with partners and suppliers, the potential attack surface grows. Research from Bulletproof has shown that up to 40% of cyber threats are now occurring indirectly through the supply chain. 

“It is worth remembering that major cyber incidents can often stem from the simplest of vulnerabilities. Our research shows that hackers are still successfully using default credentials when attempting to gain access to systems. Addressing these small changes in cyber hygiene can have a major impact on an organisation’s readiness to defend against a cyber attack,” he added.

Continuing supply chain cyber risks

Okta was named by Gartner as a Leader in its Magic Quadrant for access management and has been for five years running. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time.

More than 15,000 organisations, including JetBlue, Nordstrom, Siemens, Slack, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers.

Oz Alashe, CEO of CybSafe and Chair of the UK government’s DCMS Industry Expert Advisory Group on cyber resilience: “The potential attack on Okta is a striking reminder of the supply chain's cyber risks. Cybercriminals will often identify the route of least resistance. An authentication tool such as Okta provides the opportunity to breach hundreds of large enterprises in one sweep.

“Securing networks, data and people is a challenge for organisations. The threat of proprietary data loss via third parties adds an additional layer of complexity to the equation. Potential breaches like this highlight the importance of making sure suppliers adhere to the same security principles if they wish to work with large global organisations.

“Organisations rely on third-party tools more than ever before. It’s not enough for businesses to only consider the security of their own internal systems. Data security must be a critical component of the due diligence process when selecting third party suppliers. Supply chains must be treated with the caution and care the threat merits.

“While Okta’s investigation is ongoing, it's important the security community doesn't jump to conclusions and harass its security team at this challenging time.”


Featured Articles

Accenture research finds AI ushering in a bold new future

Almost all execs agreed that generative AI technology will spark significant creativity and innovation, ushering in a new era of enterprise intelligence

UiPath and Amelia partnership to drive the future of work

Market leaders join forces to create an automated, integrated, and Conversational AI-driven IT Service Desk solution that reimagines employee experiences

Transition to multicloud a risk worth taking, report shows

With customer expectations rising, banks must leverage the capabilities of the cloud to improve service delivery and protect sensitive information

Oxbotica and Google Cloud to accelerate autonomous solutions

AI & Machine Learning

AI welcome but human-centered IT support key to productivity

AI & Machine Learning

Machine Customers one of the biggest growth opportunities

Digital Transformation