A hacking group named Lapsus$ has provided evidence that they had access to internal Okta systems in January 2022. They claim that they used this access to aid in attacks on Okta’s customers. 8x8 is a customer of Okta.
To date, we have no evidence suggesting that Lapsus$ or any other organization has used Okta data to infiltrate 8x8 systems. We expect that likely attacks using Okta information will be phishing, password stuffing and employee bribery. We enforce strict password requirements and regularly train and test every 8x8 employee and contractor on phishing. We also employ the principle of least privilege for 8x8 systems and data, limiting the risk in case an individual account is ever compromised.
At this time, we have no information from Okta that suggests we should change any of our current security practices. We will continue to remain vigilant and take action on any new information.