Authentication firm Okta shares plunge after hack warning

Miniatures of people appear in front of the Okta logo in this illustration taken on March 22, 2022. REUTERS/Dado Rovich/Illustration

Register now to get free unlimited access to Reuters.com

WASHINGTON (Reuters) – Shares of Octa Inc fell 9 percent on Wednesday after the U.S. digital authentication firm said hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$.

The hack raised alarm as the cyber-extortion ring posted what appeared to be internal footage from within the organization’s network about a day ago. Read more

David Bradbury, Okta’s chief security officer, said in a series of blogs Posts The ‘potential maximum impact’ was on 366 clients whose data was accessed by an outside contractor.

Register now to get free unlimited access to Reuters.com

Bradbury said the contractor, the Settle Group, had hired an engineer for his laptop that had been hijacked by hackers, adding that the number 366 represented a “worst case scenario” and that the hackers were restricted in the scope of their potential actions.

In an emailed statement, a representative of Sykes, a Settle group company, said the company was unable to comment on its relationship with its customers but that it had conducted an “immediate and thorough” investigation into the breach and had since decided it was no longer a security risk.

San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and apps, so a breach could have serious consequences. Read more

Bradbury said hackers would not be able to perform actions such as downloading customer databases or accessing Okta’s source code.

See also  The International Energy Agency warns that Russia could lose 30% of its oil production within weeks

He added that Octa first received the hack in January, while Miami-based Settle Group only received a forensic report on the incident on March 10, giving Octa a summary of the findings a week later.

Bradbury said he was “deeply disappointed by the long period between our notification to Seattle and the release of the full investigation report.”

Register now to get free unlimited access to Reuters.com

Raphael Satter reports. Editing by Shri Navaratnam, Bernadette Bohm and Alexander Smith

Our criteria: Thomson Reuters Trust Principles.

Leave a Reply

Your email address will not be published.