Authentication firm Okta shares plunge after hack warning

Miniatures of people appear in front of the Okta logo in this illustration taken on March 22, 2022. REUTERS/Dado Rovich/Illustration

WASHINGTON (Reuters) – Okta said on Wednesday that hundreds of its customers may have been affected by a security breach involving hacker group Lapsus$, amid criticism of the digital authentication company’s slow response to the hack that sent its shares down nearly 11 percent.

The hack raised alarm because the cyber-extortion gang posted what appeared to be internal screenshots from within the organization’s network about a day ago.

David Bradbury, chief security officer at Okta, said in a series of blog posts that the “potential maximum impact” was on 366 clients whose data was accessed by an outside contractor.

Bradbury said the contractor, Miami-based Settle Group, employed the engineer whose laptop was hijacked by the hackers, adding that 366 represented a “worst case scenario” and that the hackers were restricted in the actions they could take.

In an emailed statement, a representative of Sykes, a Settle Group company, said the company was unable to comment on its relationship with its customers but that it had conducted an “immediate and thorough” investigation into the breach and had since determined there was no longer a security risk.

San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and apps, so any breach could have serious consequences.

Bradbury said hackers would not be able to perform actions such as downloading customer databases or accessing Okta’s source code.

Okta, which has a market capitalization of $26 billion, has come under fire for its reaction to the hack, which struck some experts as initially dismissive. Concern increased when it emerged that the company either knew – or could have known – that there was a problem much earlier.

Bradbury said Okta was first hit with a potential breach in January, explaining that it immediately alerted Settle Group. But only on March 10 did Settle receive a forensic report about the incident, giving Okta a summary of the findings a week later.

Bradbury said he was “deeply disappointed by the long period between our notification to Settle and the release of the full investigation report.”

The hack – and Okta’s reaction to it – has some investors worried. The 10.74 percent drop in the stock price was the worst one-day percentage drop since 2018, and Raymond James, an equity research firm, downgraded the stock from “strong buy” to “market perform,” partly citing Okta’s handling of the incident.

Reporting by Raphael Satter. Editing by Shri Navaratnam, Bernadette Bohm, Alexander Smith and Bernard Orr
