Okta claims its Lapsus$ data breach only affected two customers

Okta has sought to play down fears it was affected by a major data breach earlier this year.

The identity management giant has revealed the final findings of its investigation into an attack in January 2022, which was allegedly at the hands of notorious hacking group Lapsus$.

Hundreds of Okta’s more than 150,000 customers, including large enterprises, were thought to have been affected, but thankfully the company now believes that was not the case.

Lapsus$ not hitting?

In a blog post announcing the findings, Okta director of security David Bradbury pointed out that the incident was caused by the “compromise” of a third-party vendor, named only as a “medical company legal third party contracted by our supplier Sitel”.

Bradbury notes that after carefully going through its reports and systems, Okta discovered that the hacker (who also remains anonymous and unattributed at this time) was only able to actively control a single workstation for 25 consecutive minutes on January 21, 2022.

The blog goes on to note that this “threat actor” was able to access details of two Okta customers through the SuperUser app, including viewing “limited additional information in certain other apps like Slack and Jira that cannot be used to perform actions in Okta Tenant Clients.”

Okta says it notified and held full debriefings with the two affected customers, but notes that the threat actor was unable to “perform any configuration changes, MFA or password resets, or customer support “impersonation” events” or “authenticate directly to any Okta accounts”.

“While the overall impact of the trade-off has been determined to be significantly less than we originally anticipated, we recognize the heavy toll this type of trade-off can have on our customers and their trust in Okta,” Bradbury concludes.

It goes on to note that Okta will be making a series of changes and improvements to its security practices in the future, including “reviewing our security processes and looking for new ways to speed up third-party updates and internally for potential issues, both large and small.”

The company says it will now directly manage all third-party devices that access its customer support tools, giving it greater oversight of network access, and is also looking to adopt new systems that will help it communicate faster with customers on security and availability issues.
