After announcing the conclusion of investigations into the breach claimed by the Lapsus$ group, Okta had stated on Tuesday afternoon (22) that the service had not been breached and that it remained fully in operation, without the need for corrective measures. to be taken by customers. However, just yesterday, the US authentication services provider later stated that 2.5% of its customers were ‘potentially’ affected by the group’s cyber attack.
The number is close to 375 organizations, as Okta serves more than 15 thousand companies. “We have identified these customers and are contacting them directly. If you are an Okta customer and have been impacted, we have already contacted you directly via email,” explains Okta’s latest update on Tuesday night.
Cloudflare reacts to confirmation
In one of the screenshots posted by Lapsus$, the email address of a Cloudflare employee whose password was about to be reset by the attackers is visible.
Image: Lapsus$
On Tuesday, the US web infrastructure and website security company revealed that the company’s email account visible in the screenshot was suspended about 90 minutes after the Security Incident Response Team (SIRT) received a notification from the problem, early in the morning of the 22nd (3:30 am UTC or 0:30 am Brasília time).
According to CloudflareOkta’s services are used internally for employee identity integrated into the authentication stack and that customers don’t need to worry about, “unless they use Okta themselves”.
According to information from BleepingComputer, Cloudflare has verified all modified password or MFA resets since December 1, 2021, to zero the chances of unauthorized access to employee accounts. In total, the company forced the password reset of 144 accounts.
In the first statement, Okta mentioned that it became aware of the breach after detecting “a failed attempt to compromise the account of a customer support engineer working for a third-party vendor”, which took place between January 16 and 21.
While terminating the compromised user’s active sessions and suspending the account, the company notified the provider of the issue.
Okta stocks down
As new details about the Okta data breach began to emerge, the company’s (NASDAQ: OKTA) stock on the second largest US stock exchange saw a decline.
This Wednesday (23), as of 11:50 am Brasília time, the shares had fallen 8.1%, according to the american stock exchange Nasdaq.
It is possible that Okta will recoup most of the losses, however, the incident and the delay in making public the breach that occurred in January could damage the reputation of a company that provides secure identity management.
