Okta is denying it has been breached after a group of hackers claimed to gain access to internal information.
In a statement Tuesday, Okta chief security officer David Bradbury said the service, which specializes in helping other companies manage employee access to internal tools, remains fully operational and customers do not have to take action.
Bradbury said that in January, the company detected an unsuccessful attempt to breach the account of a customer support engineer who worked for a third-party provider.
A report from an outside forensics firm said there was a five-day window during January “where an attacker had access to a support engineer’s laptop.”
CYBERSECURITY: What internet users should do to protect themselves
“We take our responsibility to protect and secure our customers’ information very seriously,” said Bradbury. “We are deeply committed to transparency and will communicate additional updates when available.”
Okta hack claims under investigation
Screenshots showing the alleged breach were posted by the hacker group Lapsus$, reports Reuters. Security experts who spoke with Reuters said the screenshots appeared legitimate.
Okta said it continues to investigate.
In a statement on Twitter, Matthew Prince, the CEO and co-founder of cloud platform Cloudflare said they were resetting the Okta credentials of employees as a precaution.
“Okta is one layer of security,” wrote Prince. “Given they may have an issue we’re evaluating alternatives for that layer.”
Several high-profile companies use Okta services including FedEx, Experian, Adobe and T-Mobile.
On Monday, President Joe Biden warned Russia may be preparing to launch cyberattacks in the U.S. over economic sanctions issued following its invasion of Ukraine.
“The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” Biden said at the Business Roundtable Quarterly Meeting in Washington.
Jessica Guynn contributed to this report. Follow Brett Molina on Twitter: @brettmolina23.
This article originally appeared on USA TODAY: Okta breach? Hackers say they gained access but service denies breach