Dark Web Links to Massive Hack
A major dark web security breach has put thousands of businesses, with millions of customers, around the world on red alert. Okta, an authentication service used by thousands of businesses, has confirmed that dark web hackers had accessed one of its employees’ laptops for five days in January 2022. The company also confirmed that around 2.5 percent of its customers may have been affected, yet promises its service remains fully operational with no signs of compromise.
Following the breach, the notorious dark web hacker group Lapsus$ shared screenshots of Okta’s internal systems on its Telegram channel, including one that appears to show Okta’s Slack conversations and another with a Cloudflare interface.
However, any Okta hack could have serious consequences for the hacked businesses, universities, and government agencies that rely on Okta to authenticate user access to their internal systems.
Okta Hack compromised Millions
According to Okta’s Chief Security Officer, David Bradbury, all compromised customers are being contacted directly after being identified by Okta’s recovery team. Okta further claims to be providing this interim update in keeping with its core values of transparency and integrity.
Okta has given assurances that the dark web hackers most likely had limited access to its systems, and that its clientele did not need to take any corrective measures in response to this hack. Much of what the impacted Okta customers faced was limited to the access that support engineers have. These engineers cannot create or delete users, nor can they download customer databases. Support engineers do have limited access to the data shown in the screenshots, such as Jira tickets and user lists. Support engineers may also help users reset their passwords and MFA factors, but they cannot obtain those passwords.
However, the Lapsus$ hacking group claims in its Telegram channel that it had “Superuser/Admin” access to Okta’s systems for two months. According to Lapsus$, the dark web hacking group had access to a thin client, not a laptop, and had discovered Okta storing AWS keys in Slack channels. The hackers also warned that they would use the compromised data to target Okta’s customers, which span thousands of global businesses.