Digital identity management firm Okta acknowledged that hundreds of its clients might have been affected amid an ongoing investigation of a January cybersecurity incident.
“[W]e have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon,” Okta chief security officer David Bradbury said.
According to its website, Okta has over 15,000 customers.
Okta publicly acknowledged the breach after hacker group Lapsus$ claimed that it had access to Okta’s internal administrative account and the firm’s Slack channel.
The breach alarmed cybersecurity experts because Okta is used by big organizations, and they may have access to essential data.
But Bradbury said Tuesday that the Okta service itself hadn’t been breached, and that the hackers had instead accessed the laptop of an engineer who was providing technical support to Okta.
“The potential impact to Okta customers is limited to the access that support engineers have,” Bradbury said. He added that “support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords.”