Between January 16-21, 2022, an attacker from the LAPSUS$ digital extortion group had access to the laptop of an Okta Customer Support Engineer who was working for an Okta third-party provider. Support Engineers have limited access/permissions, including:
- Access to Jira tickets.
- Access to Okta user lists.
- Can facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords.
- Cannot create or delete users.
- Cannot download customer databases.
Approximately 2.5% of Okta users have potentially been impacted and whose data may have been viewed or acted upon. If you are an Okta user, refer to the Okta LAPSUS$ Resource Center for guidance and follow Cybersecurity News to stay informed as we learn more about how we can help you further.