...
Incidents Timeline
On March 22nd, 2022 the hacking group Lapsus$ published information regarding a security breach at Okta on their behalf. As was later confirmed by Okta, the account of a contract worker for their Customer Support organization was used to access internal systems on January 20th and 21st, 2022 for approximately one hour. During this period the attacker was potentially able to access 2.5% of Okta's customer base with limited privileges.
...
Lapsus$ is a hacking group specialized on digital extortion of data from high profile organizations. Since December 2021 they claimed responsibility for breaches of companies like NVIDIA, Samsung, Microsoft and now OktaOkta.
NO attribution for the incidents in December 2022 and October 2023 so far.
Okta's public response to the incident in March 2022
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Okta's public response to the incident in December 2022
https://sec.okta.com/articles/2022/12/okta-code-repositories
Okta's public response to the incident in October 2023
https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system
https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause
https://sec.okta.com/harfiles
Customer responses to the incident in October 2023
https://blog.1password.com/okta-incident/
https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise
https://www.beyondtrust.com/blog/entry/okta-support-unit-breach