The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider.
The report comes after the hackers posted what they claim to be screenshots of Okta’s internal company environment.
Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially concerning.
The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement.
“We will provide updates as more information becomes available,” he added.
The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was “ONLY on Okta customers.”
LAPSUS$ has been especially active recently, claiming to have hit tech giants Samsung, Nvidia and Microsoft all in the last month.
Security researchers have told Reuters that the screenshots do seem to be legitimate.
Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be “very vigilant right now.”
In an email, Tentler added, “There are timestamps and dates visible in the screenshots indicating January 21st of this year, which suggests they may have had access for two months.”