Okta, an identity and access management company, has updated a previous statement that stated that their service has not been breached. The updated statement now mentions that small percentage of the company's customers may have been affected by a data breach.
The company has confirmed that it has already reached out to affected customers. Customers have been assured that they do not need to take corrective actions.
The statement follows claims by notorious hacking group LAPSUS$ that they have been able to hack Okta. As proof, the group posted screenshots of the company's Slack channels and more on Telegram.
LAPSUS$ has been responsible for previous hacks on Ubisoft, Samsung, NVIDIA, Vodafone, and most recently, Microsoft.
Okta Confirms 'Small Percentage of Customers' Possibly Affected by Data Breach
Okta has confirmed in an updated statement that "a small percentage of customers" have possibly been affected by a data breach. According to a report by The Verge, notorious hacker group LAPSUS$ has claimed responsibility for the attack.
The updated statement posted by Okta on March 22 at 6:31 p.m. Pacific time says that "After a thorough analysis of these claims, we have concluded that a small percentage of customers - approximately 2.5% - have potentially been impacted and whose data may have been viewed or acted upon."
The company's previous statement, which was posted on the same day but at 10:45 a.m. Pacific state, initially said that "The Okta service has not been breached and remains fully operational."
Okta has emphasized in its updated statement tha the service still remains fully operational. It has also assured customers that they do not have to take corrective actions.
Furtnermore, the company also said that affected customers have already been contacted.
LAPSUS$ Group Claims Responsibility for the Hack
According to the report by The Verge, notorious hacking group LAPSUS$ has claimed that it hacked Okta.
As evidence, screenshots of alleged internal systems of the company have been shared on Telegram. The screenshots include photos of Okta's Slack channels as well as one of a Cloudflare interface.
"Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems," the report adds.
Other Recent LAPSUS$ Hacks
LAPSUS$ has regularly been in the headlines recently due to its cyberattacks on large corporations.
The most recent of which is the hack on Microsoft, which the tech giant has confirmed. According to an iTech Post report about the confirmation, Microsoft has emphasized that no customer data has been compromised.
Furthermore, only one account has been breached, which meant the hackers had limited access.
South Korean tech giant Samsung has also fallen victim to a LAPSUS$ hack. Other recent victims of LAPSUS$ include NVIDIA, Ubisoft, and Vodafone.