Okta confirms an attacker accessed an engineer's laptop in January consistent with posted screenshots by Lapsus$, as customers struggle to grasp their exposure
Authentication firm Okta's statements on the Lapsus$ breach fail to answer key questions. — The digital extortion group Lapsus$ threw …
Wired · Lily Hay Newman
Related Coverage
- Updated Okta Statement on LAPSUS$ Okta Inc. · David Bradbury
- Cloudflare's investigation of the January 2022 Okta compromise The Cloudflare Blog · John Graham-Cumming
- View article PYMNTS.com
- Okta hack puts thousands of businesses on high alert The Verge · Jon Porter
- Okta, Lapsus$ offer dueling narratives on breach claim SC Media · Stephen Weigand
- Fury As Okta—The Company That Manages 100 Million Logins—Fails To Tell Customers About Breach For Months Forbes · Thomas Brewster
- View article PCMag
- View article CRN
- View article Bloomberg
- View article Engadget
- Okta Investigates Report of Security Breach, Says It Finds No Evidence of New Attack Wall Street Journal
- Okta is investigating reports of a breach after Lapsus$ group posted screenshots of alleged internal systems; CEO says it's likely related to a January incident Reuters
- View article VentureBeat
- Okta confirms support engineer's laptop was hacked in January BleepingComputer · Ionut Ilascu
- Okta's response to Lapsus$'s claimed hack has people asking, “Why didn't you tell us in January?” DataBreaches.net
- Okta Confirms 2.5% of Customers Impacted by Lapsus Breach infosecurity-magazine.com · Phil Muncaster
- Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group The Hacker News · Ravie Lakshmanan
- Hackers Hit Authentication Firm Okta; Customers ‘May Have Been Impacted’ Reuters
- Okta ‘identifying and contacting’ customers potentially affected by Lapsus$ breach The Record · Jonathan Greig
- ‘This Is Really, Really Bad’: Lapsus$ Gang Claims Okta Hack Wired · Lily Hay Newman
- 10 Things in Tech: Okta engineer hack Insider · Jordan Parker Erb
- Okta revises LAPSUS$ impact upwards to potentially 2.5% of customers ZDNet · Chris Duckett
- Okta says attacker accessed engineer's laptop for five days VentureBeat · Kyle Alspach
- Okta and Microsoft confirm Lapsus$ hacks Silicon Republic · Vish Gain
- Okta confirms 2.5% customers impacted by hack in January BleepingComputer · Ionut Ilascu
- Okta should've ‘moved more swiftly’ to assess Lapsus$ breach, CSO says VentureBeat · Kyle Alspach
- Okta denies data breach after hackers claim they gained access to internal information USA Today · Brett Molina
- Okta says data breach claims are tied to an earlier event Protocol · Sarah Roach
- Okta Tries to Downplay Potential Breach, But Only Causes More Confusion PCMag · Michael Kan
- Cyber company Okta is latest potential victim cited by Lapsus$ hackers CyberScoop · Joe Warminsky
- Okta investigating possible data breach linked to Lapsus$ hacker group New York Post · Thomas Barrabi
- Okta: Lapsus$ attackers had access to support engineer's laptop ZDNet · Charlie Osborne
- Okta Tumbles After Hacking Group Lapsus$ Claims Data Breach Bloomberg · Jamie Tarabay
- Okta's Investigation of the January 2022 Compromise Okta Inc. · David Bradbury
- Potential consequences of Okta hack | Kaspersky official blog Kaspersky official blog
Discussion
- Todd McKinnon (@toddmckinnon) on X: In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)
- @eastdakota on X: We are resetting the @Okta credentials of any employees who've changed their passwords in the last 4 months, out of abundance of caution. We've confirmed no compromise. Okta is one layer of security. Given they may have an issue we're evaluating alternatives for that layer.
- Troy Hunt (@troyhunt) on X: “The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.” https://www.okta.com/...
- @vxunderground on X: LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof. The photos we are sharing have been edited so no sensitive information or user identities are displayed. Image 1 - 4 attached below. https://twitter.com/...
- Kim Zetter (@kimzetter) on X: Okta now says about 2.5% of its customers have potentially been impacted by the breach and their data “may have been viewed or acted upon. We have identified those customers and are contacting them directly.” https://www.okta.com/...
- @suhail on X: Counter statement by LAPSUS$ https://twitter.com/...
- Jan Schaumann (@jschauma) on X: Updated Okta statement: https://www.okta.com/... We went from “pfft, this was sooooo long ago, nothing to see here” to “whoops, one support engineer, but no biggie” to “oh, ok, so almost 400 customers' data may have been modified” in about 12 hours. 🍿
- Todd McKinnon (@toddmckinnon) on X: Updated information about the security incident we've been working. We're continuing to investigate and will be sharing more information as we proceed. https://www.okta.com/...
- @bleepincomputer on X: Okta's Tuesday night update now says the Lapsus$ breach impacted 2.5% of their customers. Using their own numbers of over 15,000 customers, the breach has affected 375 organizations. Going to be a long night for many admins.
- D.K.R. Boyd (@reflectingman) on X: Okta hack puts thousands of businesses on high alert. Okta lists Peloton, Sonos, T-Mobile, and the FCC among its 15,000 customers. https://www.theverge.com/... via @Verge
- Patrick Gray (@riskybusiness) on X: Okta has put out another statement since we recorded but it still strikes me as a tad thin. Lots of talk about what the attacker couldn't do, nothing about what they *could* do. https://www.okta.com/... https://twitter.com/...
- Whitney Merrill (@wbm312) on X: Quite the update: “After a thorough analysis of these claims, we have concluded that a small percentage of customers - approximately 2.5% - have potentially been impacted and whose data may have been viewed or acted upon.” https://www.okta.com/...
- Adam Levin (@adam_k_levin) on X: It would have been nice if Okta let their 15,000 customers know about this incident when it happened in January. https://www.theverge.com/...
- H. Poteat (@nsqe) on X: Updated statement from Okta, finally admitting that customers were viewed / acted upon, and they're reaching out to affected customers. This is an object lesson in how not to do breach response. https://www.okta.com/...
- Whitney Merrill (@wbm312) on X: Why on earth would you post any statement saying you weren't hacked before having a full copy of the investigation report in your hands? https://www.okta.com/...
- Runa Sandvik (@runasand) on X: Okta now says some of its customers may have been impacted and had their data “viewed or acted upon.” The CSO is hosting a live webinar on March 23 to share more technical details. https://www.okta.com/...
- Eva (@evacide) on X: Okta now says 2.5% of customers may have been impacted and they are contacting them. This seems like something they should have done two months ago. https://www.okta.com/...
- David Uberti (@daviduberti) on X: Okta: hackers had access to a third-party support engineer's laptop for five days, from Jan. 16-21. But says it's no biggie. Meanwhile, Lapsus$ is shitposting about Okta's statement on its Telegram channel. https://twitter.com/...
- Gareth Corfield (@gazthejourno) on X: On Okta, the @NCSC told me last night it had “not seen any evidence of impact in the UK.” Meanwhile the company has since admitted 2.5% of its customers had their data “viewed or acted upon”. That's ~400 firms. https://www.okta.com/...
- Dominic Alvieri (@alvierid) on X: Lapsus just released another statement on Okta. Highlight... https://twitter.com/... https://twitter.com/...
- @shotgunner101 on X: Okta's CEO making statement that they think “failed” attempts at accessing an Okta contracted employee's account in January is tied to this. However, the screenshots seem to indicate this was not a “failed” compromise of the account at all..... https://twitter.com/...
- Thomas Brewster (@iblametom) on X: UPDATE #2: Okta now says that the breach at the contractor lasted for five days in January. Access allowed password and MFA resets, but didn't allow access to passwords. So no action required for users. https://www.forbes.com/... https://twitter.com/...
- Thomas Brewster (@iblametom) on X: So, in sum, with all those updates, it's probably not a severe breach for Okta users (if we take Okta's word for it and assuming nothing else comes up in further investigation). But (!) a breach at its contractor could have hit multiple other companies. Watch this space. https://…
- Runa Sandvik (@runasand) on X: Statement from Okta says there was no breach and no action required by customers. This kerfuffle could've been avoided had the company disclosed this sooner. https://www.okta.com/...
- Jeff McJunkin (@jeffmcjunkin) on X: Quite an interesting day for @okta. Their blog post (https://www.okta.com/...) minces no words in saying they *weren't* breached, whereas LAPSUS$ has doubled down in saying otherwise: https://twitter.com/...
- Zack Whittaker (@zackwhittaker) on X: Okta statement just dropped, says an attacker had access to a third-party support engineer's laptop for a five-day window between January 16-21, 2022. https://www.okta.com/...
- Runa Sandvik (@runasand) on X: This incident timeline from Okta is pretty interesting. Breach of Sitel happened in January, but Okta did not receive a complete investigation report until after Lapsus$ shared the screenshots. https://www.okta.com/... https://twitter.com/...
- Zack Whittaker (@zackwhittaker) on X: I've reported lots of data breaches in my time. Almost every time I hear the breach isn't the problem, annoying as they can be. It's how breaches are handled, often badly (or covered up entirely), that pisses people off. Trust is a fickle thing that can be wiped out in a second.
- Bill Demirkapi (@billdemirkapi) on X: The screenshots are very worrisome. In the pictures below, LAPSUS$ appears to have gotten access to the @Cloudflare tenant with the ability to reset employee passwords: https://twitter.com/...
- @carnage4life on X: The CEO of Okta going on Twitter to say only a support engineer was hacked only for an official blog post to say 375 customers had their data viewed or modified is quite a dramatic change. An example of how crisis management shouldn't get ahead of the facts of an investigation. h…
- Brian (@arekfurt) on X: “Our investigation determined that the screenshots, which were not contained in the Sitel summary report, were taken from a Sitel support engineer's computer upon which an attacker had obtained remote access using RDP.” https://www.okta.com/... https://twitter.com/...
- Raphael Satter (@razhael) on X: New: Authentication firm Okta says up to 366 customers were potentially affected by Lapsus$ gang intrusion. One executive calls the count a “worst case scenario.” https://www.reuters.com/...