Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Pierluigi Paganini March 22, 2022

The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions.

The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s customer data.

The message published by the group claims that the gang had Superuser and Admin access to multiple systems of the company.


The company is investigating claims of a data breach which, if confirmed, could pose serious risks to the customers of the company.

“Okta is aware of the reports and is currently investigating,” states a spokesperson for the company. “We will provide updates as more information becomes available.”

Todd McKinnon, CEO at Okta, confirmed that in late January 2022, the company detected an attempt to compromise the account of a third party customer support engineer working for one of its subprocessors.

McKinnon added that there is no evidence of ongoing malicious activity that resulted from the activity detected in January.

A few hours ago, Lapsus$ also leaked data stolen from Microsoft‘s internal Azure DevOps server. The gang leaked an archive containing 37GB of source code allegedly belonging to Microsoft.

Over the last months, the Lapsus$ gang compromised other prominent companies such as NVIDIASamsungUbisoft, Mercado Libre, and Vodafone.

On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BazarLoader)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment