🔴 LIVE: The Secrets of ProPicks AI Success Revealed + November’s List FREEWatch Now

Authentication firm Okta's shares slide after hack warning

Published 03/23/2022, 12:49 AM
Updated 03/23/2022, 05:28 PM
© Reuters. FILE PHOTO: People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration
OKTA
-

By Raphael Satter

WASHINGTON (Reuters) - Okta (NASDAQ:OKTA) said on Wednesday hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$, amid criticism of the digital authentication firm's slow response to the intrusion that knocked its shares down about 11 percent.

The breach sparked concern because the cyber extortion gang had posted what appeared to be internal screenshots from within the organization's network roughly a day ago.

Okta's Chief Security Officer David Bradbury said in a series of blog posts that the "maximum potential impact" was to 366 customers whose data was accessed by an outside contractor.

The contractor, the Miami-based Sitel Group, employed an engineer whose laptop the hackers had hijacked, Bradbury said, adding that the 366 figure represented a "worst case scenario" and that the hackers had been constrained in their range of possible actions.

A representative for Sykes, a subsidiary of the Sitel Group, said in an emailed statement that the company was unable to comment on its relationship to its customers but it undertook an "immediate and comprehensive" investigation into the breach and had since determined there was no longer a security risk.

San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and applications, so any breach there could have serious consequences.

Bradbury said the intruders would have been unable to perform actions such as downloading customer databases or accessing Okta's source code.

Okta, whose market capitalization is $26 billion, has been criticized for its reaction to the hack, which struck some experts as initially dismissive. The disquiet increased when it emerged that the company either had known - or could have known - that there was a problem much earlier.

Okta first got wind of a potential breach in January, Bradbury said, explaining that it warned the Sitel Group right away. But it was only on March 10 that Sitel received a forensic report about the incident, giving Okta a summary of the findings a week later.

© Reuters. FILE PHOTO: People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration

Bradbury said he was "greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report."

The hack - and Okta's reaction to it - has made some investors nervous. The 10.74 percent fall in share price was the worst one-day percentage drop since 2018, and Raymond James Equity Research downgraded the stock from "strong buy" to "market perform," in part citing Okta's handling of the incident.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.