
Okta security breach may affect Mac and iPhone enterprise setups; vigilance urged

Hackers have posted credible screengrabs to back reports of an Okta security breach. Okta provides single sign-on user authentication tools in the enterprise sector, with a huge range of blue-chip clients. Its tools are available for Mac and iOS, as well as Windows and Android.

The hacking group LAPSUS$, known for its ransomware attacks, says that it is targeting Okta users …

An Okta compromise is a potentially huge deal for business customers as it provides single sign-on access to both devices and services, so it could allow attackers very substantial access to corporate data.

Okta is a secure identity cloud that links all your apps, logins and devices into a unified digital fabric. With Okta, you’re up and running on day one, with every app and program you use to work, instantly available. Whether you’re at your desktop or on the go, Okta seamlessly connects you to everything you need.

Reuters reports.

Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment.

A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications.

Independent security experts say that the evidence provided is solid.

“I definitely do believe it is credible,” said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta’s internal tickets and its in-house chat on the Slack messaging app.

Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be “very vigilant right now.”

Okta itself confirmed a security breach, which it said was the result of a third-party support engineer’s account being compromised. It says this occurred in January and was ‘contained.’ However, it is concerning that the company does not appear to have notified customers at the time, and no details are yet available on the exact data accessed.


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

