Miniatures of people appear in front of the Okta logo in this illustration taken on March 22, 2022. REUTERS/Dado Rovich/Illustration
Register now to get free unlimited access to Reuters.com
WASHINGTON, March 23 (Reuters) – Shares in Octa, Inc (OKTA.O) It fell 10.5% on Wednesday after the US digital authentication firm said hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$.
The hack raised alarm as the cyber-extortion ring posted what appeared to be internal footage from within the organization’s network about a day ago. Read more
David Bradbury, chief security officer at Okta, said in a series of blogs Posts The ‘potential maximum impact’ was on 366 clients whose data was accessed by an outside contractor.
Register now to get free unlimited access to Reuters.com
Bradbury said the contractor, Miami-based Settle Group, hired an engineer for the laptop that was hijacked by the hackers, adding that 366 represented a “worst case scenario” and that the hackers were restricted within their potential actions.
In an emailed statement, a representative of Sykes, a Settle group company, said the company was unable to comment on its relationship with its customers but that it had conducted an “immediate and thorough” investigation into the breach and had since decided it was no longer a security risk.
San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and apps, so any hack could have serious consequences. Read more
Bradbury said hackers would not be able to perform actions such as downloading customer databases or accessing Okta’s source code.
Okta has been criticized for her reaction to the hack, especially as it turns out that the company either knew – or could have known – there was a problem much earlier.
Bradbury said Octa was first exposed to a potential hack in January, explaining that it immediately alerted the Settle group. But only on March 10 did Settle receive a forensic report about the accident, giving Okta a summary of the findings a week later.
Bradbury said he was “deeply disappointed by the long period between our notification to Seattle and the release of the full investigation report.”
The hack – and Octa’s response – has some investors worried. A swoon in the stock market put it on track for its worst one-day percentage drop in two years, and Raymond James Equity Research downgraded the stock from “strong buy” to “performing market,” partly citing Octa’s handling of the crash.
Register now to get free unlimited access to Reuters.com
Raphael Satter reports. Editing by Shri Navaratnam, Bernadette Bohm, Alexander Smith and Bernard Orr
Our criteria: Thomson Reuters Trust Principles.
“Beer aficionado. Gamer. Alcohol fanatic. Evil food trailblazer. Avid bacon maven.”