The Okta hack could have serious consequences as thousands of other companies rely on the San Francisco-based company to manage access to their networks and apps.
In a brief statement, Octa official Chris Hollis said the company was aware of the reports and is conducting an investigation.
“We will provide updates as more information becomes available,” he added.
Screenshots were posted by a group of ransom-seeking hackers known as $LAPSUS$ on their Telegram channel late Monday. In an accompanying message, the group said its focus is on “Okta customers only.”
Security experts told Reuters the photos appeared to be original.
“I definitely think they’re credible,” said independent security researcher Bill Demirkapi, citing images of what appeared to be Okta’s internal tickets and internal chats on the Slack messaging app.
Dan Tentler, founder of cybersecurity consultancy Phobos Group, said he also believed the breach was real and urged Okta customers to be very careful for now.
Tentler added in an email, “There are timestamps and dates visible in the screenshots that point to January 21 this year, indicating that they may have access for up to two months.”