Five questions about the hack on Okta and the mysterious Lapsus$ hacker group
Security platform Okta has not been hacked, it says itself. Or is it. Well, a small number of customers. And hackers’ claims that they’ve hacked all customers are authentic, but exaggerated. We discuss what we know about the attackers and the consequences of this attack.
Who or what is Okta?
Single sign-on provider Okta has had two rough days as notorious hacker group Lapsus$ claims to have penetrated deep into its systems. Okta is a San Francisco security company that has been in business since 2009 and has built an impressive portfolio of clients in that time. The company calls itself an ‘Identity Provider for the Internet’. In practice, it offers an authentication platform with which organizations can do identity management. For example, system administrators can singlesign-onplatform to view and manage the access rights of all users within an organization in a portal. It is important to mention that this platform is cloud-based and companies therefore do not keep it under their own management.