This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant Okta solutions.
The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s customer data.
The message published by the group claims that the gang had Superuser and Admin access to multiple systems of the company.
The company launched an investigation into the claims of a data breach, while Todd McKinnon, CEO at Okta, confirmed that in late January 2022, the company detected an attempt to compromise the account of a third-party customer support engineer working for one of its subprocessors.
Okta confirmed the security breach and revealed that it has impacted 2.5% of its customers (approximately 375), but pointed out that they have no action that should do.
Okta confirmed that the Lapsus$ extortion group compromised the laptop of one of its support engineers that allowed them to reset passwords for some of its customers.
Investigators discovered that the attackers had access to the laptop for five days starting from January 16, 2022.
“Following the completion of the service provider’s investigation, we received a report from the forensics firm this week. The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday.” reads the advisory published by the company. “The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data – for example, Jira tickets and lists of users – that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords.”
Okta has identified impacted customers and notified the incident by email.
The Lapsus$ group responded to Okta’s announcement and revealed that they did not compromise an Okta employee’s laptop but their thin client.
Below is the Lapsus$’s gang reply published on their Telegram channel:
I do enjoy the lies given by Okta.
Over the last months, the Lapsus$ gang compromised other prominent companies such as Microsoft, NVIDIA, Samsung, Ubisoft, Mercado Libre, and Vodafone.
The group has now announced a temporary pause until 30/3/2022.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Okta)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.