Privacy Ninja


        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.


        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.


        • OTHERS

Okta Investigating Claims of Customer Data Breach From Lapsus$ Group

Okta Investigating Claims of Customer Data Breach From Lapsus$ Group

Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach.

On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be access to Okta’s backend adminsitrative consoles and customer data.

As a publicly-traded company worth over $6 billion, Okta employs over 5,000 people across the world and provides identity management and authentication services to major organizations including Siemens, ITV, Pret a Manger, Starling Bank, among others.

Also Read: PDPA Compliance for MCST: The importance of hiring a DPO

Lapsus$ claims to have Okta customer data

Data extortion group Lapsus$ claims to have acquired “superuser/admin” access to and that it accessed Okta’s customer data, as seen by BleepingComputer:

Lapsus claims to have breached Okta
Lapsus$ claims to have obtained Okta customer data (BleepingComputer)

“Okta is aware of the reports and is currently investigating,” an Okta spokesperson told BleepingComputer.

“We will provide updates as more information becomes available.”

Screenshots shared by Lapsus$, as seen by BleepingComputer, show the system date set to January 21st, 2022, indicating the hack may have occurred months ago.

One of the screenshots displaying Lapsus$’ ‘superuser’ access to Okta’s admin console also includes an URL with an email belonging to an Okta customer support representative who was likely compromised.

Also Read: Spam Control Act: 4 best practices organizations must consider

Okta co-founder and CEO Todd McKinnon has now confirmed this:

“We believe the screenshots shared online are connected to this January event,” says McKinnon.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

However, one of the posted screenshots indicates that Lapsus$ could change customer passwords using Okta’s admin panel.

Security researchers are worried that the hacking group could have used this ‘superuser’ access as a way to breach customer’s servers who use the company’s authentication solutions.

Lapsus$ also reinforced this theory when they said they did not attack Okta to steal the company’s databases, but rather to target their customers.

“BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA – our focus was ONLY on okta customers,” Lapsus$ stated in a post on Telegram.

With many well-known companies using Okta’s services, including Fedex, Peloton, SONOS, T-Mobile, Hewlett Packard Enterprise, and JetBlue, this is obviously of significant concern.

Lapsus$ is on a leaking binge

The development follows Lapsus$’ claims that it breached Microsoft’s internal Azure DevOps server.

On Monday, Lapsus$ leaked what it claims to be 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects, and Microsoft confirmed it was investigating.

Additionally, the group claimed today that it breached LG Electronics (LGE) for the “second time” in a year. BleepingComputer has not confirmed this claim and has reached out to LG:

Lapsus claims to have breached LG Electronics
Lapsus$ says it also breached LG Electronics (BleepingComputer)

Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies such as SamsungNVIDIA, and Mercado Libre who confirmed this month it had suffered a breach.

Data extortion groups like Lapsus$ breach victims, but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met.

If Lapsus$’s claims of breaching Okta’s systems turn out to be accurate, it remains yet to be found out how many of Okta’s customers were impacted and to what extent.

Update March 22nd, 5:24 AM ET: Added new statement from Okta CEO McKinnon.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us