Okta

2022-03-22

Lapsus$ group claims Okta supply chain attacks (unknown)

The Lapsus$ extortion group posted screenshots to its Telegram channel Monday night that it says prove it breached identity management vendor Okta.

"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors." "None of Lapsus$' claims should be taken at face value," he said via electronic chat. Lapsus$ is a group that extorts companies under the threat of leaking data - ransom without the ransomware - best known for leaks of Samsung files.

Hundreds of companies potentially hit by Okta hack (BBC News)

Hundreds of organisations that rely on Okta to provide access to their networks may have been affected by a cyber-attack on the company.

Britain's National Cyber Security Centre said it had "not seen any evidence of impact in the UK". Thanet, which uses Okta to simplify the way staff manage and sign on to multiple applications, told BBC News the hack "has not compromised the security of the council's data" but it "will continue to monitor the situation". Okta initially said the attack, in January, involved a third-party contractor, a "sub-processor", and "the matter was investigated and contained".

Okta says 2.5% of customers breached, as Lapsus$ sows disorder (Cybersecurity Dive)

Dive Brief: A breach at Okta affected 2.5% of its customers, the identity and access management firm ...

Screenshots claiming successful breaches of companies are circulated through social media, putting companies on the defensive. The screenshots were taken from a support engineer's computer at third-party provider Sitel, which was compromised using RDP to gain remote access. Lapsus$ also claimed to have breached Microsoft, which confirmed Tuesday night an account was compromised, granting limited access.

Okta hack puts thousands of businesses on high alert (unknown)

Okta says it's investigating reports of a potential breach. Hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta's ...

However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.” In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack.

Authentication firm Okta says up to 366 customers potentially hit by ... (The Straits Times)

Criticism of the digital authentication firm's slow response to the intrusion knocked its shares down about 11%.

Okta first got wind of a potential breach in January, Mr Bradbury said, explaining that it warned the Sitel Group right away. The hack - and Okta's reaction to it - has made some investors nervous. Okta, whose market capitalisation is US$26 billion (S$35.3 billion), has been criticised for its reaction to the hack, which struck some experts as initially dismissive.

Hackers compromised Okta's network via its customer support company Sykes.

Okta: Up To 366 Clients Had Data 'Acted Upon' in Lapsus$ Hack (CRN)

As many as 366 Okta customers might have had their data 'acted upon' following the Lapsus$ cyberattack against the identity security giant's customer ...

The firm’s investigation and analysis lasted until Feb. 28, and the firm provided a report to Sitel on March 10. Over the past 24 hours, Okta said it has analyzed more than 125,000 log entries to determine what actions were performed by Sitel employees during the five-day period in question. The hacker obtained remote access to the Sitel support engineer’s computer using remote desktop protocol (RDP) and was able to control the machine. The majority of support engineering tasks are performed using an internally built application called SuperUser, which allows for the performing of basic management functions on Okta customer tenants. The screenshots Lapsus$ published online were taken from a computer used by a Sitel employee, which Okta contracts with for customer support work. The San Francisco-based company didn’t provide details around how these customers were impacted but said affected customers will receive a report that shows the actions performed on their Okta tenant during the period in question.