Okta states clearly Lapsus$ hackers only affected two of its customers

Okta, an identity and access management company, announced on Tuesday that it had completed its investigation into the late January 2022 breach of a third-party vendor by the LAPSUS$ extortion gang.


According to Okta, the incident had "significantly less impact than the maximum potential impact" that the company had disclosed last month, and only two customer tenants were affected, rather than the 366 initially assumed.


A security breach occurred on January 21 when the LAPSUS$ hacking group gained remote access to a workstation belonging to a Sitel support technician. Nearly two months later, the adversary posted screenshots of Okta's internal systems on their Telegram channel, making the information public.


The hacker group accessed two active customer tenants in SuperUser, as well as limited information from other applications like Slack and Jira, corroborating previous reports.


According to Okta's chief security officer David Bradbury, the threat actor's "control" lasted for 25 minutes on January 21, 2022. As stated earlier, the threat actor could not successfully carry out any configuration changes, MFA or password resets, or customer support "impersonation" events.


"The threat actor was unable to authenticate directly to any Okta accounts," Bradbury said.


Okta, which has been criticized for its delayed disclosure and its handling of the incident, said it had ended its relationship with Sitel and was making changes to its customer support tool to "restrictively limit what information a technical support engineer can view."
