Okta, a provider of Single Sign On (SSO) and authentication services, has confirmed that their systems were breached between January 16-21, 2022. A data extortion group called Lapsus$ is claiming credit for the security breach and claims to have had “superuser” access to the Okta systems and their customer’s tenants. More details of the incident can be found at the Okta blog linked below.
If you are an Okta customer, we recommend taking the following steps:
- Disable Okta Support Access – it is currently believed that Lapsus$ only had access to customer tenants who enabled Okta support to access their environments
- Review all Okta High Privileged Accounts – look for any newly created accounts (especially those created in January 2022) and ensure they are legitimate
- Reset Okta Credentials for All Users Who Changed Password During January 2022 – we recommend taking this step out of an abundance of caution in case Lapsus$ had access to capture credentials during the password reset process
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
