Okta ends investigation into Lapsus$ hack, says breach only lasted 25 minutes

Three months after its authentication platform was breached by the Lapsus$ hacking group, Okta has concluded its internal investigation, finding that the impact was less severe than initially thought.

In a blog post published on Tuesday, Okta’s chief security officer, David Bradbury, noted that the company had been transparent in sharing details of the hack soon after it was discovered, but that further analysis had downgraded its initial assessment of the potential reach.

“Thanks to the thorough investigation by our internal security experts, as well as a world-renowned cybersecurity company that we have engaged to produce a forensic report, we are now able to conclude that the impact of the incident was significantly less than the maximum potential impact Okta originally shared on March 22, 2022,” Bradbury wrote.

Hackers from the Lapsus$ group compromised Okta’s systems on January 21 by remotely accessing a machine belonging to an employee of Sitel, a company contracted to provide customer service functions to Okta. Details of the hack emerged two months later when a Lapsus$ member shared screenshots of Okta’s internal systems on a Telegram channel – an incident Bradbury called “embarrassing” for the Okta security team.

More than an annoyance, the breach was particularly concerning because of Okta’s role as an authentication hub for managing access to many other technology platforms. For companies using enterprise software such as Salesforce, Google Workspace or Microsoft Office 365, Okta can provide a single secure access point, allowing administrators to control how, when and where users log in – and, in the worst-case scenario, giving a hacker a company’s entire software stack at once.

During a press and customer briefing in March, Bradbury said company security protocols had limited the hackers’ access to internal systems, a statement that appears to have been confirmed by the final investigation.

While Okta’s first report concluded that the maximum unauthorized access period was no more than five days, the recent forensic report found that the access period was actually only 25 minutes. And where the previous impact assessment capped the maximum number of affected organizations at 366, the new report found that only two Okta customers’ authentication systems were accessed.

During this brief access period, Lapsus$ was unable to authenticate directly to client accounts or make any configuration changes, Okta said.

In light of the forensic report, Okta’s handling of the breach appears to have been carried out in accordance with best practices for disclosure and response, although the company’s reputation may still have taken a hit.

“While the overall impact of the compromise has been determined to be significantly less than we originally anticipated, we recognize the heavy toll this type of compromise can have on our customers and their trust in Okta,” Bradbury said.
