Lapsus$ threat actor that made headlines after compromising authentication firm Okta has been particularly active recently. It has also been very public about its attacks.
It seems that Lapsus$ accessed Okta’s internal environment in late January. Authentication service remains fully functional, and the company is contacting customers (approximately 2,5% of them) who have potentially been impacted and whose data may have been viewed or acted upon.