Ax Sharma reports:
Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach.
On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be Okta’s customer data.
So far, the company seems to be claiming that there is no evidence of any new malicious activity and that the data are related to a previously acknowledged incident in January.
Read more at BleepingComputer.
While Okta customers are scrambling to investigate and take action, Emily Freeman sent a message of support to Okta’s own team:
HugOps to everyone at Okta. This week is gonna suck. ❤️
— emily freeman ???? (@editingemily) March 22, 2022
Meanwhile, Microsoft is also investigating other claims by Lapsus$. Lawrence Abrams reports:
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server.
Early Sunday morning, the Lapsus$ gang posted a screenshot to their Telegram channel indicating that they hacked Microsoft’s Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.
Read more at BleepingComputer.
Some researchers and analysts are commenting publicly on Twitter about the data leaked by Lapsus$, and suggest that it may have much more data than has already been publicly noted:
We are far beyond Cortana and Bing’s map. From what I can say, #Lapsus #Microsoft leak is 100% genius and it contains a lot of data, including some emails and some strong name signing pub/priv keys, some code signing certificates …and well A LOT OF CODE. pic.twitter.com/napfEw3L5M
— Soufiane Tahiri (@S0ufi4n3) March 22, 2022
Post updated to include reaction tweets.