LAPSUS$ continues to compromise Big Tech with the theft and threat of leaking sensitive information. Nvidia, Microsoft, Samsung, Mercado Libre and Ubisoft are some of the companies that have confirmed that they have been attacked by the aforementioned group of Latin American hackers, claiming that they have accessed data through the credentials of workers. Okta, a company dedicated to offering employee identification services to other companies, was also hacked by LAPSUS$, although the US company initially denied it.
The hack of Okta by LAPSUS$, in fact, took place in January 2022, according to data provided by the group of hackers, who shared a series of screenshots on their Telegram account that revealed access to company services.
The American firm, however, first assured that its services had not been breached, although it confirmed that an attacker had gained access to a support engineer’s laptop on January 16 and 21, 2022. “The Okta service has not been hacked and is still fully operational. There is no corrective action to be taken by our customers,” David Bradbury, Okta’s chief security officer, said in a statement.
Bradbury also mentioned that these types of employees cannot “create or delete users”. They also do not “download customer databases” and therefore cannot access the passwords that LAPSUS$ claims to have in their possession.
“Potential impact to Okta customers is limited to the access that support engineers have. Support engineers cannot create or delete users, or upload customer databases. Support engineers have access to limited data, for example, Jira issues and user lists, which have been seen in screenshots. Support engineers can also facilitate password resets and multi-factor authentication for users, but they can’t get those passwords.”
David Bradbury, director of security for Okta.
LAPSUS$ was quick to respond to these claims via its Telegram channel, alleging that Okta was lying in its statement. The hacking team claimed that they had “superuser/administrator” access to Okta.com and “various other systems”. All this, by the way, for several months, and not just for five days, as the company claims.
Okta, for its part, took 8 hours to update its statement with additional information about the hack. This time it did confirm that the data of a large part of its customers had been compromised. “After a thorough analysis of these complaints, we have concluded that a small percentage of customers, approximately 2.5%, were potentially affected and their data may have been accessed or processed,” says Bradbury.
Okta’s LAPSUS$ hack doesn’t just affect the credential management company
But why is this hack so serious? How is it different from the theft of data suffered by companies such as Microsoft or Nvidia? Okta isn’t as well known as the other companies compromised by LAPSUS$ so far, but it is really important, as it is a company dedicated to managing access credentials.
Many companies use Okta services to manage, protect and simplify access for their employees to the various platforms with which they work on a daily basis. This company therefore stores the critical information of its partners. And now, at least in part, that information is in the hands of LAPSUS$.
According to Okta, the percentage of affected customers is 2.5%. Although, in Okta’s words, this is a “small percentage”, it equates to approximately 400 companies, according to the estimates of The Wall Street Journal, which states that the company has more than 15,000 customers worldwide. It is not known which companies are affected, but Okta’s portfolio includes large companies such as Sonos, Moody’s, Nasdaq, FedEx and T-Mobile.
So far, no company in the Okta customer group has reported an attempt to access its private data or a LAPSUS$ hack. The credential management platform, for its part, says that it has already located the affected customers and is in contact with them.