Okta Claims Only 2.5% of Customers Were Impacted by Lapsus$ Group Hack
Okta, an enterprise identity and access management company, has published an extensive update about the recent cyberattack by the Lapsus$ hacking group. The company confirmed that around 2.5 percent of its customers were affected by this security incident.
The investigations revealed that the threat actors managed to gain access to the laptop of a third-party support engineer via remote desktop protocol (RDP) for five days in mid-January. The account of the impacted customer support engineer was suspended immediately to prevent any further damage.
Okta acknowledged that the third-party support engineers could help users reset their passwords, and some of them may have been affected by this incident. However, the company explained that the consequences of this hacked account for Okta customers remain limited since third-party support engineers don’t have wide access to customer data.
“The potential impact to Okta customers is limited to the access that support engineers have. These engineers are unable to create or delete users, or download customer databases. Support engineers do have access to limited data — for example, Jira tickets and lists of users — that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords,” explained David Bradbury, Chief Security Officer at Okta.
Okta plans to notify its customers impacted by the Lapsus$ hack
Okta is currently investigating this incident and trying to identify all impacted customers. The company noted that the Lapsus$ hack didn’t impact HIPAA, Auth0, and FedRAMP customers. It is important to note that Lapsus$ has been involved in hacking different high-profile companies in recent weeks, including Samsung, NVIDIA, and Ubisoft.
Microsoft, which is a big competitor to Okta with Azure Active Directory, was also hacked by the same group earlier this week and claimed that the Lapsus$ hackers only had “limited access” to its source code. The Redmond giant has recommended that its customers use trusted endpoints, implement secure multifactor authentication mechanisms, and leverage modern VPN authentication techniques.