Okta Claims Only 2.5% of Customers Were Impacted by Lapsus$ Group Hack
Okta, an enterprise identity and access management company, has published an extensive update about the recent cyberattack by the Lapsus$ hacking group. The company confirmed that around 2.5 percent of its customers were affected by this security incident.
The investigations revealed that the threat actors managed to gain access to the laptop of a third-party support engineer via remote desktop protocol (RDP) for five days in mid-January. The account of the impacted customer support engineer was suspended immediately to prevent any further damage.
Okta acknowledged that the third-party support engineers could help users reset their passwords, and some of them may have been affected by this incident. However, the company explained that the consequences of this hacked account for Okta customers remain limited since third-party support engineers don’t have wide access to customer data.
“The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data — for example, Jira tickets and lists of users — that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords,” explained David Bradbury, Chief Security Officer at Okta.
Okta plans to notify its customers impacted by the Lapsus$ hack
Okta is currently investigating this incident and trying to identify all impacted customers. The company noted that the Lapsus$ hack didn’t impact HIPAA, Auth0, and FedRAMP customers. It is important to note that Lapsus$ has been involved in hacking different high-profile companies in recent weeks, including Samsung, NVIDIA, and Ubisoft.
Microsoft, which is a big competitor to Okta with Azure Active Directory, was also hacked by the same group earlier this week and claimed that the Lapsus$ hackers only had “limited access” to its source code. The Redmond giant has recommended that its customers use trusted endpoints, implement secure multifactor authentication mechanisms, and leverage modern VPN authentication techniques.