{"id":18568,"date":"2022-03-23T09:10:05","date_gmt":"2022-03-23T17:10:05","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/23\/news-12301\/"},"modified":"2022-03-23T09:10:05","modified_gmt":"2022-03-23T17:10:05","slug":"news-12301","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/23\/news-12301\/","title":{"rendered":"Okta admits 366 customers may have been impacted by LAPSUS$ breach"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Wed, 23 Mar 2022 16:42:34 +0000<\/strong><\/p>\n

Through its usual means of communication, its Telegram channel, the LAPSUS$ group has posted screenshots of what appears to be superuser access to the Okta management console. As such, the group claims to have acquired “superuser\/admin” access to Okta.com and gained access to Okta’s customer data, saying on Telegram:<\/p>\n

\n

BEFORE PEOPLE START ASKING: WE DID NOT ACCESS\/STEAL ANY DATABASES FROM OKTA – our focus was ONLY on okta customers.<\/p>\n<\/blockquote>\n

Yesterday morning, an Okta spokesperson said the company was investigating the matter, and admitted an attempted breach<\/a> in late January 2022 in which customers were exposed for five days. The date visible in the LAPSU$ screenshots is 21 January, 2022. Okta provided a more detailed update<\/a> later in the day, which we have summarised below.<\/p>\n

Importantly, neither Okta nor LAPSU$ are claiming that Okta’s software has been compromised. Both are saying that the criminal hacking group acquired access to a user account with access to some customer data.<\/p>\n

\n
\"\"
A screeshot of the alleged Okta breach shared on the LAPSU$ Telegram channel<\/figcaption><\/figure>\n<\/div>\n

Okta<\/h2>\n

Okta is an access management company based in San Francisco. According to its own website, Okta serves over 15,000 organizations. Essentially, Okta software allows employees to log in using single sign-on\u2014a central platform where employees can log in once in order to access resources that have been assigned to them by an organization\u2019s IT staff. The kind of indentity-first approach to security is seen by some as an important underpinning of a Zero Trust<\/a> security model.<\/p>\n

LAPSUS$<\/h2>\n

LAPSUS$ is a relative newcomer to the cybercrime scene that first appeared in the summer of 2021. It has made a name for itself by leaking sensitive information from some big targets. The group is believed to hail from South America, based on its earliest targets and the near-native use of Spanish and Portuguese.<\/p>\n

In recent events, LAPSUS$ claims to have hacked:<\/p>\n