Identity provider Okta was the victim of a breach perpetrated by a hacking group known as Lapsus$. The impact and extent of the breach are still being investigated; however, several details have been released:
- The attacker had access to an Okta engineer’s laptop for five days, though the service itself had not been breached and is still fully functional.
- The impact appears to be limited to the ability to reset passwords and MFA factors. Investigation into the full impact of the breach is ongoing.
- Okta has stated that the attackers would not have access to customer passwords or user databases.
In a statement issued by Okta, they noted that 2.5% of their customers may have had their data viewed or acted upon. These customers have been contacted directly.
While the investigation is unfolding, Drawbridge recommends that Okta customers take precautionary measures to ensure their Okta environment is as secure as possible