Okta Says Only 2.5% of Customers Were Impacted by Lapsus$ Group Hack


Okta, an enterprise identity and access management company, has published an extensive update on the recent cyberattack by the Lapsus$ hacking group. The company confirmed that around 2.5 percent of its customers were affected by the incident.

The investigation found that the threat actors had access to a third-party support engineer's laptop over Remote Desktop Protocol (RDP) for a five-day window in mid-January. The affected support engineer's account was suspended immediately to prevent further damage.

Okta acknowledged that third-party support engineers can help users reset their passwords, and that some customers may have been affected as a result. However, the company said the consequences for Okta customers are limited because third-party support engineers do not have broad access to customer data.

“The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data — for example, Jira tickets and lists of users — that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords,” explained David Bradbury, Chief Security Officer at Okta.
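The practical check that follows from this quote is to look in your own tenant for the actions a support engineer could have taken during the access window: password resets, MFA factor resets and support impersonation sessions. The script below is an added example, not part of Okta's update or Okta's tooling. The eventType strings are Okta System Log event types; the heuristic that support sessions appear with an @okta.com actor alternateId, the five-day window dates and the log records are constructed assumptions for illustration, so confirm how support access is logged in your tenant before relying on the filter.

```python
"""Triage Okta System Log events for support-initiated password and MFA resets.

Added example, not Okta's own tooling or guidance. The eventType strings are
Okta System Log event types; the support-actor heuristic, the window dates
and the log records below are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Event types matching the capabilities in the quote: password resets,
# MFA factor resets, and a support impersonation session being opened.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
    "user.session.impersonation.initiate",
}

# Assumed five-day access window (16 to 21 January 2022, UTC); adjust as needed.
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 22, tzinfo=timezone.utc)  # exclusive


def parse_published(value):
    """Parse the System Log 'published' timestamp (ISO 8601 with trailing Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_support_actor(actor):
    """Assumption: support sessions appear with an @okta.com actor alternateId.
    Verify against your own tenant's impersonation events before relying on it."""
    return actor.get("alternateId", "").lower().endswith("@okta.com")


def find_support_resets(events, start=WINDOW_START, end=WINDOW_END):
    """Return {actor: [(eventType, [target users])]} for sensitive events
    performed by support actors inside [start, end)."""
    hits = defaultdict(list)
    for ev in events:
        when = parse_published(ev["published"])
        if not (start <= when < end):
            continue
        if ev.get("eventType") not in SENSITIVE_EVENTS:
            continue
        actor = ev.get("actor", {})
        if not is_support_actor(actor):
            continue
        targets = [t["alternateId"] for t in ev.get("target", [])
                   if t.get("type") == "User"]
        hits[actor["alternateId"]].append((ev["eventType"], targets))
    return dict(hits)


# Constructed sample records shaped like System Log JSON (not real data).
SAMPLE_EVENTS = [
    {"published": "2022-01-18T14:02:11.000Z",
     "eventType": "user.account.reset_password",
     "actor": {"type": "User", "alternateId": "support.engineer@okta.com"},
     "target": [{"type": "User", "alternateId": "alice@example.com"}]},
    {"published": "2022-01-20T09:45:00.000Z",
     "eventType": "user.mfa.factor.reset_all",
     "actor": {"type": "User", "alternateId": "support.engineer@okta.com"},
     "target": [{"type": "User", "alternateId": "bob@example.com"}]},
    # Same action by an internal admin: not a support actor, so not reported.
    {"published": "2022-01-19T11:00:00.000Z",
     "eventType": "user.account.reset_password",
     "actor": {"type": "User", "alternateId": "itadmin@example.com"},
     "target": [{"type": "User", "alternateId": "carol@example.com"}]},
    # Support actor, but outside the window: not reported.
    {"published": "2022-02-03T16:30:00.000Z",
     "eventType": "user.account.reset_password",
     "actor": {"type": "User", "alternateId": "support.engineer@okta.com"},
     "target": [{"type": "User", "alternateId": "dave@example.com"}]},
    # Support actor in the window, but a benign event type: not reported.
    {"published": "2022-01-17T08:00:00.000Z",
     "eventType": "user.session.start",
     "actor": {"type": "User", "alternateId": "support.engineer@okta.com"},
     "target": []},
]

if __name__ == "__main__":
    for actor, actions in find_support_resets(SAMPLE_EVENTS).items():
        for event_type, users in actions:
            print(f"{actor}: {event_type} -> {', '.join(users)}")
```

Run it against a System Log export (one JSON object per record) by replacing SAMPLE_EVENTS with the loaded list; any hit is a user whose password or factors should be treated as reset by an untrusted party and re-enrolled, and the actor value tells you which support identity to raise with Okta.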

Okta plans to notify its customers impacted by the Lapsus$ hack

Okta is still investigating the incident and working to identify all impacted customers. The company noted that the Lapsus$ hack did not affect its HIPAA, Auth0, or FedRAMP customers. Lapsus$ has claimed breaches of several high-profile companies in recent weeks, including Samsung, NVIDIA, and Ubisoft.

Microsoft, a major competitor to Okta with Azure Active Directory, was also hit by the same group earlier this week and said the Lapsus$ hackers had only "limited access" to its source code. The Redmond giant has recommended that its customers use trusted endpoints, implement secure multi-factor authentication, and adopt modern VPN authentication techniques.