Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers

Cyber Security

Products You May Like

Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang.

Stating that the “impact of the incident was significantly less than the maximum potential impact” the company had previously shared last month, Okta said the intrusion impacted only two customer tenants, down from 366 as was initially assumed.

CyberSecurity

The security event took place on January 21 when the LAPSUS$ hacking group gained unauthorized remote access to a workstation belonging to a Sitel support engineer. But it only became public knowledge nearly two months later when the adversary posted screenshots of Okta’s internal systems on their Telegram channel.

In addition to accessing two active customer tenants within the SuperUser application — used to perform basic management functions — the hacker group is said to have viewed limited additional information in other applications like Slack and Jira, corroborating prior reports.

“Control lasted for 25 consecutive minutes on January 21, 2022,” David Bradbury, Okta’s chief security officer, said. “The threat actor was unable to successfully perform any configuration changes, MFA or password resets, or customer support ‘impersonation’ events.”

CyberSecurity

“The threat actor was unable to authenticate directly to any Okta accounts,” Bradbury added.

Okta, which has faced criticism for its delayed disclosure and its handling of the incident, said it has terminated its relationship with Sitel and that it’s making changes to its customer support tool to “restrictively limit what information a technical support engineer can view.”

Products You May Like

Articles You May Like

OnePlus 13 Launch Timeline Leaked; Might Arrive in China as Early as October
Itel Flip One Feature Phone Set to Launch in India in September
Redmi 14C With 6.88-Inch LCD Screen, MediaTek Helio G81 Chipset Launched: Price, Specifications
Atlantic Ocean Might Be Undergoing a Rapid Cooling Near Equator And Scientists Do Not Know Why
Amazon checkout process hits technical snag during Labor Day sale

Leave a Reply

Your email address will not be published. Required fields are marked *