Okta Tries to Downplay Potential Breach, But Only Causes More Confusion

pcmag.com:

Okta is responding to concerns that it was hacked by inadvertently creating more confusion. 

On Tuesday, Okta published an updated statement concerning the potential breach of its systems, which many observers fear exposed access to 15,000 corporate customers, including major companies. The group allegedly behind the breach, LAPSUS$, has posted screenshots that supposedly show the hackers had administrative access to Okta’s internal systems.  

The company’s latest statement says “the Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.” Still, the same statement notes that back in January, the company did detect an attempt to compromise an account belonging to an Okta customer support engineer working at a third-party provider. 

The company describes the hacking attempt as “unsuccessful,” pointing to how it suspended the customer support engineer’s access. However, a report from a third-party forensics firm later found the attackers had “a five-day window of time” between Jan. 16-21 to access the engineer’s laptop. 

"This is consistent with the screenshots (LAPSUS$ shared) that we became aware of yesterday," the company added.

Okta left unsaid why it didn’t notify customers about the potential breach, but did note the third-party forensics firm only supplied its report on the January hack this week. Even so, Okta is claiming its customers shouldn’t worry, citing how the affected customer support engineer had limited access to company systems. 

“These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data—for example, Jira tickets and lists of users— that were seen