Okta Claims Only 2.5% of Customers Were Impacted by Lapsus$ Group Hack
Okta, an enterprise identity and access management company, has published an extensive update about the recent cyberattack by the Lapsus$ hacking group. The company confirmed that around 2.5 percent of its customers were affected by this security incident.
The investigations revealed that the threat actors managed to gain access to the laptop of a third-party support engineer via remote desktop protocol (RDP) for five days in mid-January. The account of the impacted customer support engineer was suspended immediately to prevent any further damage.
Okta acknowledged that the third-party support engineers could help users reset their passwords, and some of them may have been affected by this incident. However, the company explained that the consequences of this hacked account for Okta customers remain limited since third-party support engineers don’t have wide access to customer data.
“The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data — for example, Jira tickets and lists of users — that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords,” explained David Bradbury, Chief Security Officer at Okta.
Okta plans to notify its customers impacted by the Lapsus$ hack
Okta is currently investigating this incident and trying to identify all impacted customers. The company noted that the Lapsus$ hack didn’t impact HIPAA, Auth0, and FedRAMP customers. It is important to note that Lapsus$ has been involved in hacking different high-profile companies in recent weeks, including Samsung, NVIDIA, and Ubisoft.
Microsoft, which is a big competitor to Okta with Azure Active Directory, was also hacked by the same group earlier this week and claimed that the Lapsus$ hackers only had “limited access” to its source code. The Redmond giant has recommended that its customers use trusted endpoints, implement secure multifactor authentication mechanisms, and leverage modern VPN authentication techniques.