
366 Okta Customers Potentially Affected by Lapsus$ Hack

Up to 366 Okta customers may be affected by the data theft carried out by the Lapsus$ hacker group, according to David Bradbury, Okta’s director of security. Bradbury said the data was accessed through external contractor Sitel. The authentication specialist added that the screenshots published by Lapsus$ date back to a cyber incident detected last January. “The screenshots […] were taken from a Sitel support engineer’s computer on which an attacker had gained remote access,” David Bradbury explains.

“So while the attacker never had access to the Okta service via account takeover, a computer that was connected to Okta was compromised and they were able to get screenshots and control the computer via the RDP session.” Reassuringly, the security director adds that an external support engineer has limited access to resources and cannot create or delete users, download customer databases or access Okta source code repositories. All 366 affected Okta customers will be kept informed of the actions taken by Sitel during this period.

Original article: Okta, a specialist in centralized identity and access management for businesses, may be the victim of a data theft. The hacker group Lapsus$ released screenshots of what it described as Okta’s internal environment on its Telegram channel Monday evening. Okta has since confirmed to Reuters that it has opened an investigation into the matter.

Hackers interested in Okta customers

The company is aware of the release of these documents and is investigating, said Chris Hollis, head of Okta, in a brief statement sent to the news agency. “We will release updates as more information becomes available,” he added.

The consequences could be significant, since many companies use Okta’s services to manage access to their own networks and applications. This is all the more important because, in the message accompanying the screenshots, the group says it is focusing “only on Okta customers.” Those customers must therefore redouble their vigilance while waiting to learn more about the data that the cybercriminals were able to access. Okta claims nearly 15,000 customers, including Engie, E.Leclerc, Foncia and the French Red Cross.

Several experts told Reuters that the captures seem authentic. In particular, the internal Slack messaging used by Okta and tickets were visible. One of the experts added that dates visible in some of the captures indicate January 21, suggesting that hackers may have had access to internal Okta data for two months.

Lapsus$ is a prolific group

Okta offers access management solutions for servers, whether they are local or on a public or private cloud, as well as an access portal capable of replacing all the old products associated with historical infrastructures (Oracle, IBM etc.) of very large companies. Last year, the company took over Auth0, a single sign-on (SSO) specialist, for $6.5 billion to create a giant in the industry.

The cybercriminal group Lapsus$ has been in the news a lot lately. It is also behind the theft of sensitive data from Samsung and the compromise of Nvidia’s internal systems.
