Online authentication security service provider Okta has warned all of its more than 15,000 customers to stay on high alert after hackers gained access to a laptop owned by one of its support engineers. The company said Tuesday that the hacker had access to the laptop for five days in January.
Okta clarified that its systems were not breached and remain secure and fully operational. Okta Chief Security Officer David Bradbury said its ability to authenticate logins is still secure and was unaffected by the incident.
Bradbury explained that the impact of the incident on customers is limited to those that its engineer had access to. He added that support engineers could facilitate the resetting of passwords and multi-factor authentication details, but they are unable to see the actual changes made.
The company's announcement comes only hours after Okta said that it was looking into claims of a suspected data breach. The announcement was made after a hacker group known as Lapsus$ claimed credit for the attack and published screenshots indicating that they had access to an Okta internal administrative account and the firm's Slack channel.
On the messaging app Telegram, Lapsus$ claimed that it did not steal any databases from Okta itself but that its focus was on the company's customers. Okta CEO Todd McKinnon said Tuesday morning that the company believes the group is involved in the latest attack.
The hacking group claimed in December that it was able to gain access to sensitive data from several high-profile Okta customers. Cybersecurity experts said the group has mostly been targeting corporations in Latin America, indicating that they may be based in the region.
Little is known about the group, and it has not operated like other hacking groups in the past. Cybersecurity company Digital Shadows said the hackers had not used ransomware, and there is no evidence that they have tried to extort any of their victims. Digital Shadows said the group has also been recruiting rogue personnel at different companies to help it gain access to those companies' systems. On Telegram, Lapsus$ claims that it is not state-sponsored and that its operations are not motivated by money.
Okta said it would conduct a full investigation into the incident and would actively contact customers that may be affected. The company's stock plunged by more than 8% after it confirmed the hacking incident, but much of the loss was regained during the rest of the day.