Okta Says Hundreds of Customers May Have Been Exposed by January Breach

The authentication company says the January incident was contained and that it found no evidence of malicious activity.

Antonio Ruiz Camacho Former principal writer

Okta, the authentication giant that provides identity services to more than 15,000 companies, suffered a data breach in January, Okta CEO Todd McKinnon confirmed Tuesday. 

"In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor," McKinnon said on Twitter.

After initially offering only brief statements, the company later Tuesday said that a maximum of 366 customers, about 2.5% of the businesses and companies that use its service, may have been affected by the breach. The breach originated with a computer used by one of Okta's third-party customer support engineers, which hackers had access to between Jan. 16 and Jan. 21. Okta said in a blog post that it had already contacted impacted customers, adding that customers don't need to take any corrective measures. 

Okta started investigating the data breach attempt after screenshots of what appeared to be the company's internal tickets and its in-house chat on Slack, the messaging app, were posted online Monday, according to Reuters. The screenshots were allegedly posted by Lapsus$, a group of ransom-seeking hackers, on their Telegram channel, the news agency reported.

"We believe the screenshots shared online are connected to this January event," McKinnon said on Twitter. "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."

Okta is a company that offers two-factor authentication to thousands of companies and organizations, including JetBlue, Nordstrom, Siemens, Slack and Teach for America.

This attempt came after a record-breaking year in data breaches across all industries. In 2021, data breaches jumped 68% year over year to the highest total ever, according to an Identity Theft Resource Center report.

On Tuesday, Microsoft confirmed that the Lapsus$ hacking group gained "limited access" to a single account. The news came after the South American hacking group claimed to have hacked Microsoft and obtained partial source code for Bing, Bing Maps and Cortana.

Okta didn't respond to a request for additional comment.