Authentication security vendor Okta is investigating claims by a prolific ransomware group that the group had admin access to Okta's back-end systems for months, potentially enabling it to target a range of big-name companies.
The Lapsus group has in recent weeks revealed breaches of big-brand tech companies including Nvidia, Samsung, Ubisoft and Vodafone. This week, the most recent victim emerged as Microsoft, after the group claimed to have leaked 37GB of the tech giant’s source code online.
Concerns are now emerging that it was the group’s compromise of multi-factor authentication specialist Okta that enabled it to access so many tech companies over such a short period of time.
Lapsus screenshots reshared on Twitter indicate that the group had “superuser” or admin access to Okta.com.
“For a service that powers authentication systems to many of the largest corporations (and FedRAMP approved) I think these security measures are pretty poor,” it wrote. “Before people start asking: we did not access/steal any databases from Okta – our focus was only on Okta customers.”
Alongside superuser rights, the group’s screenshots purportedly show that they had access to Okta’s AWS, Jira, Confluence, Zoom, Salesforce, Splunk, Google Workspace, and other internal enterprise accounts.
Read more: https://bit.ly/36dV470