https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ Okta Looks like you have Javascript turned off! Please enable it to improve your browsing experience. Skip to main content Updated Okta Statement on LAPSUS$ Updated Okta Statement on LAPSUS$ Read more Read more Updated Okta Statement on LAPSUS$ United States * United Kingdom * France * Germany * Japan * Netherlands * Australia * Singapore * Korea * Sweden Search okta logo * Products + o # Products Securely connect the right people to the right technologies at the right time o # Single Sign-On Single Sign-On Secure cloud single sign-on that IT, security, and users will love # Universal Directory Universal Directory One directory for all your users, groups, and devices # Advanced Server Access Advanced Server Access Server access controls as dynamic as your multi-cloud infrastructure # API Access Management API Access Management APIs are the new shadow IT. Secure them ASAP to avoid API breaches. o # Multi-factor Authentication Multi-factor Authentication Secure, intelligent access to delight your workforce and customers # Authentication Authentication Create secure, seamless customer experiences with strong user auth # User Management User Management Collect, store, and manage user profile data at scale # B2B Integration B2B Integration Take the friction out of your customer, partner, and vendor relationships o # Lifecycle Management Lifecycle Management Manage provisioning like a pro with easy-to-implement automation # Access Gateway Access Gateway Extend modern identity to on-prem apps and protect your hybrid cloud # Workflows No code identity automation and orchestration + o Go Farther Explore how our platforms and integrations make more possible o Okta Platform Foundational components that power Okta product features o Okta Integration Network 7,000+ deep, pre-built integrations to securely connect everything o Auth0 Platform See how Okta and Auth0 address a broad set of digital identity solutions together o The Okta Advantage Discover why Okta is the world's leading identity solution * Solutions + o # Workforce Identity Protect + enable your employees, contractors + partners # Securely enable remote work Securely Enable Remote Work Boost productivity without compromising security # Improve M&A Agility Improve M&A Agility Centralize IAM + enable day-one access for all # Reduce IT Friction Reduce IT Friction Minimize costs + foster org-wide innovation # Move to the Cloud Move to the Cloud Modernize IT, without the headaches # Collaborate with Partners Collaborate with Partners Reduce IT complexities as partner ecosystems grow # Adopt Office 365 Adopt Office 365 Roll out O365 painlessly + securely # Learn more about Workforce Identity o # Customer Identity Create frictionless registration + login for your apps # Transform into a Digital Platform Transform into a Digital Platform Secure your transition into the API economy # Cultivate User Trust Cultivate User Trust Secure customer accounts + keep attackers at bay # Modernize Infrastructure Modernize Infrastructure Retire legacy identity + scale app development # Build Highly Scalable Apps Build Highly Scalable Apps Delight customers with secure experiences # Secure Access to APIs Secure Access to APIs Create, apply + adapt API authorization policies # Protect Against Account Takeover Protect Against Account Takeover Thwart fraudsters with secure customer logins # Integrate Apps Integrate Apps Create a seamless experience across apps + portals # Learn more about Customer Identity + o Industries Get tailored guidance o Healthcare o Public Sector o Energy o Financial Services o Technology o Travel + Hospitality o Nonprofit * Developers + o # Docs Quickly implement auth into your apps # Languages + SDKs Languages + SDKs Libraries and full endpoint API documentation for your favorite languages # Guides Guides Make "hello, world" in minutes for any web, mobile, or single-page app. Learn how to protect your APIs. # Changelog Changelog Additions and changes to the Okta Platform o # Resources Learn more and join Okta's developer community # Developer Blog Developer Blog Check out the latest from our team of in-house developers # Forum Forum Get help from Okta engineers and developers in the community # Integrate with Okta Integrate with Okta Make your apps available to millions of users + o Get Started Spend less time on auth, more time on building amazing apps o Okta Developers o Auth0 Developers o Pricing o Sign Up * Resources + o # Discover Explore Okta content # Customer Case Studies Customer Case Studies # Changelog Content Library # Demo Center Demo Center # Developer Blog Blog # Events Events # Identity 101 Identity 101 o # Customer First Unleash your full potential with Okta # Cultivate User Trust Customer First Overview # Training Training # Certification Certification # Customer Success + Support Services Customer Success + Support Services # Enterprise Professional Services Professional Services # Okta Community Okta Community # Find a Partner Find a Partner + o Get Help Got questions? We have answers. o Help + Support o Developer Documentation o Product Documentation * Company + o # Company Okta is the identity provider for the internet. Learn about who we are and what we stand for. o # About Us About Us Okta is the leading provider of identity. See more about our company vision and values. # Leadership Leadership Meet the team that drives our innovation to protect the identity of your workforce and customers # Careers Careers We build connections between people and technology. Will you join us? o # Responsibility Responsibility Learn about our Environmental, Social and Governance (ESG) program # Okta for Good Okta for Good Learn about our mission to strengthen the connections between people, technology and community # Diversity, Inclusion + Belonging Diversity, Inclusion + Belonging Learn about our commitment to racial justice and equality o # Customer Success + Support Services Partners See how our partners help us revolutionize a market and take identity mainstream # Investors Investors Get the latest Okta financial information and see upcoming investor events # Forum Contact Browse resources that answer our most frequently asked questions or get in touch Try Okta Contact Sales * +1 (800) 425-1267 * Email * Chat Login * United Kingdom * France * Germany * Japan * Netherlands * Australia * Singapore * Korea * Sweden * Blog Updated Okta Statement on LAPSUS$ Okta CSO David Bradbury David Bradbury Chief Security Officer March 22, 2022 The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers. In January 2022, Okta detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider. As part of our regular procedures, we alerted the provider to the situation, while simultaneously terminating the user's active Okta sessions and suspending the individual's account. Following those actions, we shared pertinent information (including suspicious IP addresses) to supplement their investigation, which was supported by a third-party forensics firm. Following the completion of the service provider's investigation, we received a report from the forensics firm this week. The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop. This is consistent with the screenshots that we became aware of yesterday. The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data - for example, Jira tickets and lists of users - that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords. We are actively continuing our investigation, including identifying and contacting those customers that may have been impacted. There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers. We take our responsibility to protect and secure our customers' information very seriously. We are deeply committed to transparency and will communicate additional updates when available. David Bradbury Chief Security Officer David Bradbury is the Chief Security Officer at Okta. He oversees security execution, and is responsible for a team navigating the evolving threat landscape to best protect employees and customers. He is also at the forefront of helping Okta's customers adopt and accelerate Zero Trust security strategies. Prior to Okta, David was the Senior Vice President and Chief Security Officer at Symantec where he oversaw all cyber security and physical security programs. He has an international reputation for leading and delivering cybersecurity at scale. David has worked across the globe from his native Australia to the UK and the US, leading highly regarded security teams at some of the world's largest banks including ABN, AMRO, Barclays, Morgan Stanley and the Commonwealth Bank of Australia. David has a Bachelor's Degree in Computer Science from the University of Sydney. Follow David Bradbury Share on Linkedin Previous Next March 22, 2022 As Firms Negotiate COVID-19, New Apps and Services Take Centre Stage By Brett Winterford Since March of 2020, organizations worldwide have turned to technology to stay afloat during the interruptions caused by the COVID-19 pandemic. Companies... Read now March 22, 2022 Okta Official Statement on LAPSUS$ Claims By Okta In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The... Read now March 21, 2022 Okta's Custom Admin Roles: Flexibility + Security for Strategic Growth By Beth Wang As businesses grow, the number of teams and apps will inevitably grow with them. And that means tackling the administrative challenges that come with growing... Read now March 18, 2022 What's New in Okta Workflows? Backup to GitHub and 17 New System Log Events By Max Katz The Okta Workflows team has released new features to help you build and customize Workflow and Automatons. Read on for details about these two new capabilities... Read now March 17, 2022 Here's Why CIAM is a Digital Differentiator By Bora Repishti Organizations have had to adapt quickly and act decisively to deliver best-in-class digital experiences for their customers. In this expanding landscape, it's... Read now * Company + About Us + Careers + Pricing + Press Room + Support + Trust + Status + Customer Experience Center * Resources + Blogs + Demos + Webinars + Whitepapers + Datasheets + Infographics + Zero Trust + ROI Calculator + Businesses @ Work + Identity 101 * Platform + Overview + Directories + Integrations + Insights + Identity Engine + Workflows + Devices * Features + FastPass + Passwordless Authentication + Hooks + Admin Experience + End-User Experience * YouTube * Facebook * Twitter * LinkedIn Call +1-800-425-1267, chat or email to connect with a product expert today Contact Sales United States * United Kingdom * France * Germany * Japan * Netherlands * Australia * Singapore * Korea * Sweden Footer utility * Privacy Policy * Security * Sitemap * Visit our Developer Site Copyright (c) 2022 Okta. All rights reserved.