Hacker group LAPSUS$ publicized screenshots allegedly taken from inside Okta’s information systems. If the claims are accurate, the group has administrative access not only to the company’s website but also to a number of other internal systems, including quite critical ones. The group appears to use social engineering to gather knowledge about its targets’ business operations. Okta services are generally used internally for employee identity, integrated into the authentication stack, so customers have nothing to worry about unless they themselves use Okta.
“The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday,” Okta says in an updated statement on the incident.
The blog post provides a timeline indicating that the company initially acted very quickly, moving from the first suspicious activity to suspending the engineer’s account within 70 minutes, but that the forensic analysis that followed took more than two months. Bradbury admits that a further delay occurred when the company failed to realize the implications of the initial summary report.
“I am greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report. Upon reflection, once we received the Sitel summary report we should have moved more swiftly to understand its implications.”
Last Updated on 04/15/2022 by Emmanuel Motelin