Okta Speaks To LAPSUS$ Hack…. And Things Don’t Sound That Good

Okta, in the wake of being pwned by the LAPSUS$ hacking gang, has released a statement with its version of events. And to be frank, none of it sounds good. Here’s the rundown:

  • The hack actually took place in January.
  • The security breach stemmed from someone gaining access to the credentials of a support engineer employed by a sub-contractor, Sitel.
  • Those credentials were then used to access up to 366 client accounts.
  • The company managed to suspend the engineer’s account within 70 minutes of the hack being detected.
  • The subsequent forensic analysis took more than two months.
  • The company didn’t really grasp the implications of this hack until much, much later.

Clearly the response to this incident by Okta isn’t as good as it could have been. And the company pretty much says that. The problem is that LAPSUS$ now has leaked data, and 366 clients are sweating buckets because they are wondering if they are going to be the next to get pwned by LAPSUS$.

Thus the takeaways are as follows:

  • Your internal incident response has to be on point. In this case, it seems that this was true.
  • If you have contractors and sub-contractors working for you, their security has to be on point. In this case, it sounds like that was not the case with Sitel.
  • Your review of the incident has to happen much faster, so that you have a full picture of what happened and what the implications are as quickly as possible.

Okta says that they will learn from this. And I would suggest that other companies look at this incident and plan accordingly based on how this one went.

2 Responses to “Okta Speaks To LAPSUS$ Hack…. And Things Don’t Sound That Good”

  1. […] company’s internal systems, such as email accounts, calendars, applications and more. Okta has responded with their version of events as […]

  2. […] when Okta got pwned by Lapsus$, and it looked like over 300 customers were affected by this breach? Okta says an investigation into the January Lapsus$ breach concluded […]
