IE 11 is not supported. For an optimal experience visit our site on another browser.

Suspected Okta hackers arrested by British police

The hackers are believed to be part of the Lapsus$ hacking group, which posted a series of screenshots of Okta’s internal communications on their Telegram channel late on Monday.
OKTA headquarters in San Francisco.
OKTA headquarters in San Francisco.Sundry Photography / Alamy Stock
/ Source: Reuters

Police in Britain have arrested seven people following a series of hacks by the Lapsus$ hacking group which targeted major firms including Okta and Microsoft Corp, City of London Police said on Thursday.

San Francisco-based Okta, whose authentication services are used by some of the world’s biggest companies to provide access to their networks said on Tuesday that it had been hit by hackers and that some customers may have been affected.

“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan said in an emailed statement in response to a question about the Lapsus$ hacking group.

The ransom-seeking gang had posted a series of screenshots of Okta’s internal communications on their Telegram channel late on Monday.

“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation,” O’Sullivan said.

News of the digital breach had knocked Okta shares down about 11 percent amid criticism of the digital authentication firm’s slow response to the intrusion. 

Shares of Okta were trading down 4.8 percent on Thursday.

City of London Police did not directly name Lapsus$ in its statement. A spokeswoman said none of the seven people arrested had been formally charged, pending investigation.

Last month, Lapsus$ leaked proprietary information about U.S. chipmaker Nvidia to the Web. 

More recently the group has purported to have leaked source code from several big tech firms, including Microsoft.

In a blog post published Tuesday and devoted to Lapsus$, the software firm confirmed that one of its accounts had been compromised, “gaining limited access.”

Lapsus$ have not responded to repeated requests for comment on their Telegram channel and by email.

Digital security professionals who have followed the group are torn between dismissing them as attention-seeking pranksters or ruthless operators in the mold of Russian ransomware gangs.

It could be a bit of both, said Chester Wisniewski of British cybersecurity firm Sophos.

He said that the group did not appear to use malicious software to encrypt their victims’ networks, a hallmark of digital extortionists.

They instead manually lay waste to their targets’ networks, often after making bizarre ultimatums like the time they demanded that Nvidia make the software for its drivers open source — and remove the limits on equipment often used to mine bitcoin.

“With these guys, they don’t seem to be after much of anything,” said Wisniewski. “The few demands they’ve made have been outrageous and unrealistic.”

A teenager living near Oxford, England, is suspected of being behind some of the more notable attacks, Bloomberg News reported on Wednesday.

Reached by phone, the father of the teenager — who cannot be named because they are a minor — declined to comment.