Suspected Okta hackers arrested by UK police

The Okta logo is displayed in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration – RC2R7T9UY7RP

Join now for FREE unlimited access to

LONDON/WASHINGTON, March 24 (Reuters) – British police have arrested seven people following a series of hacks by hacking group Lapsus$ which targeted major companies including Okta Inc (OKTA.O) and Microsoft Corp (MSFT.O), City of London Police said Thursday.

San Francisco-based Okta Inc, whose authentication services are used by some of the world’s largest companies to provide access to their networks, said on Tuesday it had been hit by hackers and some customers may have been affected. Read more

“The City of London Police have been investigating with their partners members of a hacking group,” Detective Inspector Michael O’Sullivan said in an emailed statement in response to a question about the Lapsus$ hacking group.

Join now for FREE unlimited access to

The ransom-seeking gang had posted a series of screenshots of Okta’s internal communications on its Telegram channel on Monday evening.

“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation,” O’Sullivan said.

News of the digital breach had sent Okta shares down around 11% amid criticism of the digital authentication company’s slow response to the breach. Read more

Okta shares were trading down 4.8% on Thursday.

City of London Police did not directly name Lapsus$ in their statement. A spokeswoman said none of the seven people arrested had been formally charged, pending an investigation.


Last month, Lapsus$ leaked exclusive information about US chipmaker Nvidia Corp (NVDA.O) to the web. Read more

More recently, the group claimed to have leaked source code from several major tech companies, including Microsoft, which confirmed on Tuesday that one of its accounts had been compromised.

Lapsus$ did not respond to repeated requests for comment on his Telegram channel and via email.

A teenager living near Oxford, England, is believed to be behind some of the most notable attacks, Bloomberg News reported on Wednesday.

Reached by phone, the teenager’s father – who cannot be named because he is a minor – declined to comment. Reuters has confirmed that cybersecurity researchers investigating Lapsus$ believe the teenager was involved with the group, according to three people familiar with the matter.

In a blog post Thursday, Unit 42, a research team at Palo Alto Networks, described Lapsus$ as a “attack group” driven by notoriety rather than financial gain.

Unlike other groups, they don’t rely on deploying ransomware — malware to encrypt their victims’ networks, a hallmark of digital extortionists — and instead manually take down their targets’ networks.

Along with Unit 221b, a separate security consulting firm, the Palo Alto researchers said they identified “the main actor” behind $lapse in 2021 and “assisted law enforcement in their efforts to prosecute this group”.

“The teenager we identified as controlling Lapsus$ is particularly instrumental,” Unit 221b head of research Allison Nixon told Reuters.

“Not just for their leadership role, but for the vital information they need to know about the other members.”

Join now for FREE unlimited access to

Reporting by James Pearson in London and Raphael Satter in Washington; Additional reporting by Christopher Bing; Editing by Catherine Evans, Raissa Kasolowsky, Jonathan Oatis and David Gregorio

Our standards: The Thomson Reuters Trust Principles.