Lapsus$ extortion gang claims to have stolen sensitive data from Okta

The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions.

The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s customer data.

The message published by the group claims that the gang had Superuser and Admin access to multiple systems of the company.

The company is investigating claims of a data breach which, if confirmed, could pose serious risks to the customers of the company.

“Okta is aware of the reports and is currently investigating,” states a spokesperson for the company. “We will provide updates as more information becomes available.”

Todd McKinnon, CEO at Okta, confirmed that in late January 2022, the company detected an attempt to compromise the account of a third party customer support engineer working for one of its subprocessors.

McKinnon added that there is no evidence of ongoing malicious activity that resulted from the activity detected in January.

A few hours ago, Lapsus$ also leaked data stolen from Microsoft‘s internal Azure DevOps server. The gang leaked an archive containing 37GB of source code allegedly belonging to Microsoft.

Over the last months, the Lapsus$ gang compromised other prominent companies such as NVIDIA , Samsung , Ubisoft, Mercado Libre, and Vodafone.

On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BazarLoader)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.