Okta Pwned By LAPSUS$ And Companies Who Use Okta Products Are Running Scared

Okta is a company that provides single sign-on user authentication tools in the enterprise sector. And they are now the latest company to be pwned by LAPSUS$. What’s worse is that this hack has the possibility of allowing the attackers very substantial access to corporate data, as their products are used for authenticating users so that they can gain access to applications and networks.

I’ve talked to a few people who work for companies who use Okta products, and they are extremely concerned about this hack as they can see a scenario where they get pwned because of this. Thus my message would be that companies who use Okta products should be very vigilant as I am pretty sure that the fallout from this hack is only beginning.

UPDATE: Saryu Nayyar, CEO and Founder of Gurucul had this to say:

“While customers are relying on vendors like Okta for Zero Trust and starting to implement SASE, this shows the need for more advanced security operations tools to ensure that threat actors aren’t abusing identity and access policies. Customers must incorporate advanced identity analytics, user behavior baselining and monitoring, and an extensive set of self-training machine learning models to detect and mitigate threats that are able to still evade these new security initiatives. CISOs must invest more in automation-focused Threat Detection, Investigation and Response (TDIR) solutions when it comes to quickly identifying threat actors that are extremely targeted and able to easily sneak through existing defenses.”

UPDATE #2: Kevin Novak, Managing Director, Breakwater Solutions added his thoughts:

“While very little has been posted about this incident, it all points to a security breach that occurred back on January 21, 2022, and of which Okta has indicated it shut it down rapidly. If, however, the compromise involved a successful assault on Client information, such as client credentialing, key materials, or source code pertaining to environments that may lead to client compromises, then Okta may suffer much greater scrutiny from the field for its lack of adequate, timely notification of the event. Security professionals around the world are debating the list of compromise possibilities based on the pictures posted about the hack, but no definitive word has been shared by Okta.”

“Of major concern to all is: “what then?” If the Okta environment is compromised, companies can’t simply flip a switch and authenticate/authorize on a different platform. These are embedded platforms that require time to swap.”

“While some have made conjectures about whether this hack contributed to another breach here or there, it would seem that a full compromise of Okta’s backend would have become far more obvious by now, but we’ll see more over the next few months.”

4 Responses to “Okta Pwned By LAPSUS$ And Companies Who Use Okta Products Are Running Scared”

  1. […] hacker group Lapsus$ is very busy these days. Besides pwning Okta, they’ve apparently also pwned Microsoft and leaked 37GB of source code according to Bleeping […]

  2. […] Okta in the wake of being pwned by the LAPSUS$ hacking gang have released a statement with their version of events. And to be frank, none of it sounds good. Here’s the rundown: […]

  3. […] might recall that threat actor group Lapsus$ posted screenshots in their Telegram channel of what they claim to be Okta customer data. Okta is a leading provider of authentication services and Identity and Access Management (IAM) […]

  4. […] when Okta got pwned by Lapsus$, and it looked like over 300 customers were affected by this breach? Okta says an investigation […]
