Thousands of businesses have been put on high alert after hackers breached the systems of a company used by millions of employees to log into sensitive corporate networks.
Okta, a US-based identity management company, confirmed it had been compromised after the cyber criminal gang Lapsus $ shared screenshots of what appeared to be customer data.
Okta is used by more than 6,000 companies worldwide. The breach potentially means criminals can access internal data from any of those companies.
Shares fell 4pc in New York, valuing the company at $ 24.7bn.
The hack took place after the account of a “third party customer support engineer” with access to its systems was compromised by Lapsus $ in January, Okta said.
One screenshot shared by Lapsus $ appeared to show login details for a software engineer at Cloudflare, the web infrastructure company.
Matthew Prince, chief executive of Cloudfare, tweeted that his company will reset login credentials for employees who had changed their passwords in the past four months, “out of abundance of caution”.
Oz Alashe, chief executive of cybersecurity firm CybSafe, commented: “The potential attack on Okta is a striking reminder of the supply chain’s cyber risks. Cybercriminals will often identify the route of least resistance. “
So-called supply chain attacks have become more popular with cybercriminals in recent years. The technique refers to infiltrating the systems of a company that supplies business-critical software to a large number of clients, or one that supplies a high value target.
In late 2020 Russia’s GRU spy agency illicitly accessed SolarWinds, a maker of network management software, gaining access to about 18,000 of its customers.
Lapsus $ has previously been linked to cyberattacks against graphics card manufacturer Nvidia as well as Microsoft, Samsung and games developer Ubisoft.
Its spree of cyberattacks against high-profile tech companies resembles a tactic used by a different cybercriminal gang called Cl0p.
Last year Cl0p abused a software vulnerability in a widely-used file transfer appliance made by Accellion in a similar rampage.
The vulnerability gave the criminals a backdoor into companies from the tech, pharmaceutical, manufacturing and finance sectors among others.