Three months after being breached by the Lapsus$ hacker group, Okta revealed more details about the investigation, which is now closed. In a post last Tuesday (19), the authentication platform concluded that the attack’s impact was less serious than expected.
“As a result of the thorough investigation by our internal security experts, as well as a globally recognized cybersecurity firm that we hired to produce a forensic report, we can now conclude that the impact of the incident was significantly less than the maximum potential initially shared on March 22, 2022,” wrote David Bradbury, Okta’s director of security.
Remember the Case
Used by giants like Salesforce and Google Workspace, the Okta authentication platform was breached by the Lapsus$ hacker group on January 21 this year. The illegal access occurred after the actors gained remote access to a machine belonging to an employee of Sitel, a company subcontracted by Okta to provide customer service functions.
In practice, the company’s services provide a single secure access point, letting administrators control how, where and when users can access it. Once that system was compromised, however, the same access point ended up giving hackers “one-shot” access to a company’s software stack.
Last month, the platform disclosed that 2.5% of its customers were “potentially” affected by the group’s cyberattack. The number corresponds to about 366 organizations that Okta serves, and all of them were contacted directly by email.
The problem is that the company only informed customers about what happened in March, two months after the incident.
“At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more active and aggressive information from Sitel. In light of the evidence we’ve gathered over the last week, it’s clear that we would have made a different decision had we been in possession of all the facts we have today,” the platform said last month.
Okta Invasion Was Less Serious Than Expected
Despite the error, the company has now revealed that the risk was lower than expected. The initial report indicated that the unauthorized access did not last more than five days, but the new findings show that the period of access was only 25 minutes.
During that time, according to the company, Lapsus$ was not able to authenticate directly to any of the customer accounts or make any configuration changes. In addition, only two customer authentication systems were accessed, far fewer than the 366 previously speculated.
“While the overall impact of the commitment was found to be significantly less than initially anticipated, we recognize the heavy toll this type of commitment can take on our customers and their trust in Okta,” Bradbury concluded.
It remains to be seen whether the disclosure of the new information will be enough to restore the platform’s credibility and halt the free fall of the company’s shares.
Via: The Verge