{"id":19461,"date":"2022-03-22T12:09:35","date_gmt":"2022-03-22T16:09:35","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/okta-hack-consequences\/19461\/"},"modified":"2022-03-23T16:12:53","modified_gmt":"2022-03-23T12:12:53","slug":"okta-hack-consequences","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/okta-hack-consequences\/19461\/","title":{"rendered":"What are the possible consequences of Okta hack?"},"content":{"rendered":"

Hackers belonging to the LAPSUS$ cybercrime group have published screenshots, allegedly taken from inside Okta\u2019s information systems. If the claims are true, they have access not only to the company\u2019s website, but also to a number of other internal systems, including quite critical ones.<\/p>\n

LAPSUS$ claims that they did not steal any data from the company itself, and that their targets were mainly Okta\u2019s customers. Judging by the dates on the screenshots, the attackers had access to the systems as early as January 2022.<\/p>\n

What is Okta and why could the breach be so dangerous?<\/h2>\n

Okta develops and maintains identity and access management systems. In particular, they provide a single sign-on solution. A huge number of large companies employ Okta\u2019s solutions.<\/p>\n

Kaspersky Lab experts believe that the hacker\u2019s access to Okta\u2019s systems can explain a number of the rather high-profile data leaks from large companies, for which hackers from LAPSUS$ have already claimed responsibility.<\/p>\n

How cybercriminals gain access to Okta\u2019s systems?<\/h2>\n

At the moment there is no conclusive evidence that the hackers really gained access. According to an Okta\u2019s official statement<\/a>, its specialists are currently conducting an investigation and the company promises to share details as soon as the investigation is completed. It is possible that the published screenshots are related to the January incident, when an unknown actor tried to compromise the account of a technical support engineer working for a third-party subcontractor.<\/p>\n

Updated on March 23, 2022: LAPSUS$ has published their reply to Okta\u2019s official statement in which they accuse the company in attempts to downplay the impact of the breach.<\/p>\n

\"LAPSUS$<\/a><\/p>\n

Who are the LAPSUS$ group and what do we know about them? <\/h2>\n

LAPSUS$ gained fame in 2020 when they compromised the Brazilian Ministry of Health\u2019s systems. Presumably, this is a Latin American hacker group that steals information from large companies for ransom. If the victims refuse to pay, the hackers publish the stolen information on the Internet. Unlike many other ransomware groups, LAPSUS$ does not encrypt the data of hacked organizations, but simply threatens to leak the data in case of non-payment of the ransom.<\/p>\n

Notable victims of LAPSUS$ include Nvidia, Samsung and Ubisoft. In addition, they recently released 37 GB of code believed to be related to internal Microsoft projects.<\/p>\n

How to stay safe? <\/h2>\n

At the moment it is impossible to say with absolute certainty that the incident really happened. The publication of screenshots in itself is a rather strange move that may be aimed at self-promotion of the hackers, an attack on Okta\u2019s reputation, or an attempt to hide the real method by which LAPSUS$ gained access to one of Okta\u2019s clients.<\/p>\n

That said, to play it safe our experts recommend Okta\u2019s clients to employ the following protective measures:<\/p>\n