Okta whose authentication services are used by companies including Fedex and Moody’s to provide access to their networks, said on Tuesday that it had been hit by hackers and that some customers may have been affected.
The scope of the breach is still unclear, but it could have major consequences because thousands of companies rely on San Francisco-based Okta to manage access to their networks and applications.
Chief Security Officer David Bradbury said in a blog post that the computer of a customer support engineer working for a third-party contractor was accessed by the hackers for a five-day period in mid-January and that “the potential impact to Okta customers is limited to the access that support engineers have.”
“There are no corrective actions that need to be taken by our customers,” he said.
Nevertheless, Bradbury acknowledged that support engineers were able to help reset passwords and that some customers “may have been impacted.” He said the company was in the process of identifying and contacting them.
The nature of that impact wasn’t clear, and Okta did not immediately respond to an email asking how many organizations were potentially affected or how that squared with Okta’s advice that customers did not need to take corrective action.
On its website, Okta describes itself as the “identity provider for the internet” and says it has more than 15,000 customers on its platform.
It competes with the likes of Microsoft, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multifactor authentication used to help users securely access online applications and websites.
Okta’s statement follows the posting of a series of screenshots of Okta’s internal communications by a group of ransom-seeking hackers known as Lapsus$ on their Telegram channel late on Monday.
In an accompanying message, the group said its focus was “ONLY on Okta customers.”
Lapsus$ responded to Okta’s statement on Tuesday by saying the company was trying to minimize the importance of the breach.
Some outside observers weren’t impressed with Okta’s explanation either.
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, earlier told Reuters that Okta customers should “be very vigilant right now.”
There were signs that Okta customers were taking action to revisit their security.
Web infrastructure company Cloudflare issued a detailed explanation of how it reacted to the Okta breach and saying the company did not believe it had been compromised as a result.
FedEx said in a statement that it too was investigating and “we currently have no indication that our environment has been accessed or compromised.” Moody’s did not return a message seeking comment.
Lapsus$ is a relatively new entrant to the crowded ransomware field but has made waves with high-profile hacks and attention-seeking behavior.
The group compromised the websites of Portuguese media conglomerate Impresa earlier this year, tweeting the phrase “Lapsus$ is now the new president of Portugal” from one newspaper’s Twitter accounts. The Impresa-owned media outlets described the hack as an assault on press freedom.
Last month, the group leaked proprietary information about U.S. chipmaker Nvidia to the Web.
More recently the group has purported to have leaked source code from several big tech firms, including Microsoft. In a blog post published Tuesday and devoted to Lapsus$, the software firm confirmed that one of its accounts had been compromised, “gaining limited access.”
The hackers did not respond to a message left on their Telegram group chat seeking comment.