Amid an ongoing investigation of a January cybersecurity incident, digital identity management firm Okta acknowledged that hundreds of its clients might have been affected.
“[W]e have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon,” Okta chief security officer David Bradbury said in a statement.
According to its website, Okta has over 15,000 customers.
Okta publicly acknowledged the breach following hacker group Lapsus$’s claims that it had access to Okta’s internal administrative account and the firm’s Slack channel. Now 24 hours have elapsed.
The breach alarmed cybersecurity experts because Okta is used by big organizations.
But Bradbury said Tuesday that the Okta service itself hadn’t been breached, and the hackers had instead accessed the laptop of an engineer who was providing technical support to Okta.
“The potential impact to Okta customers is limited to the access that support engineers have,” Bradbury said. He added that “support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords.”