Okta confirms January breach after hackers publish screenshots of its internal network

Identity giant Okta has confirmed a January network breach after hackers posted screenshots overnight apparently showing access to the company’s internal systems.

The Lapsus$ hacking group published several screenshots to its Telegram channel purporting to show internal Okta applications on January 21. Lapsus$ claimed it did not steal data from Okta, and that its focus was “only” on Okta customers.

Okta is used by thousands of organizations and governments worldwide to secure the authentication and sign-in security for company networks and internal systems.

In a brief tweet thread, Okta chief executive Todd McKinnon confirmed the January breach in a tweet thread overnight on March 22: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.”

“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Okta’s McKinnon did not name the subprocessor. Okta has not yet responded to TechCrunch’s questions about the breach.

TechCrunch could not immediately verify the authenticity of the screenshots posted by Lapsus$. Security researcher Bill Demirkapi said that the screenshots contain several artifacts that suggest the hackers may have used a VPN to gain access to Okta’s network.

Lapsus$ has targeted several big-name companies in recent weeks, including Nvidia and Samsung. Just this week Microsoft said it was investigating a possible security breach. According to Wired, the group focused on Portuguese-language targets, including Portuguese media giant Impresa, and the South American telecom companies Claro and Embratel.


If you know more about the Okta breach or work at the company, get in touch with the security desk on Signal at +1 646-755-8849 or zack.whittaker@techcrunch.com by email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter