Authentication firm Okta shares plunge after hack warning

Miniatures of people appear in front of the Okta logo in this illustration taken on March 22, 2022. REUTERS/Dado Rovich/Illustration

WASHINGTON, March 23 (Reuters) – Shares in Octa, Inc (OKTA.O) It fell 10.5% on Wednesday after the US digital authentication firm said hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$.

The hack raised alarm as the cyber-extortion ring posted what appeared to be internal footage from within the organization’s network about a day ago. Read more

David Bradbury, chief security officer at Okta, said in a series of blogs Posts The ‘potential maximum impact’ was on 366 clients whose data was accessed by an outside contractor.

Bradbury said the contractor, Miami-based Settle Group, hired an engineer for the laptop that was hijacked by the hackers, adding that 366 represented a “worst case scenario” and that the hackers were restricted within their potential actions.

In an emailed statement, a representative of Sykes, a Settle group company, said the company was unable to comment on its relationship with its customers but that it had conducted an “immediate and thorough” investigation into the breach and had since decided it was no longer a security risk.

San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and apps, so any breach could have serious consequences. Read more

Bradbury said hackers would not be able to perform actions such as downloading customer databases or accessing Okta’s source code.

Okta has been criticized for her reaction to the hack, especially as it turns out that the company either knew – or could have known – there was a problem much earlier.

Bradbury said Octa was first hit with a potential breach in January, explaining that it immediately alerted Settle Group. But only on March 10 did Settle receive a forensic report about the accident, giving Okta a summary of the findings a week later.

Bradbury said he was “deeply disappointed by the long period between our notification to Settle and the release of the full investigation report.”

The hack – and Octa’s response – has some investors worried. A swoon in the stock market put it on track for its worst one-day percentage drop in two years, and Raymond James Equity Research downgraded the stock from “strong buy” to “performing market,” partly citing Octa’s handling of the crash.

Raphael Satter reports. Editing by Shri Navaratnam, Bernadette Bohm, Alexander Smith and Bernard Orr

Our criteria: Thomson Reuters Trust Principles.