The Lapsus$ extortion group posted screenshots to its Telegram channel Monday night that it says prove it breached identity management vendor Okta.
"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors." "None of Lapsus$' claims should be taken at face value," he said via electronic chat. Lapsus$ is a group that extorts companies under the threat of leaking data - ransom without the ransomware - best known for leaks of Samsung files.
Hacker group shared screenshots with Telegram users, saying they believed Okta's security is "pretty poor."
"If true, the breach at Okta may explain how Lapsus$ has been able to achieve part of its recent string of successes," Check Point noted in a blog post. Okta's comment comes after a group calling itself Lapsus$ posted screenshots of what they claimed was the company's internal environment through the messenger service Telegram. They added, "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor." Okta, an online identity authentication service used by thousands of U.S. companies to protect their computer networks, said a purported breach of its systems is related to an earlier incident this year.
Dive Brief: A breach at Okta affected 2.5% of its customers, the identity and access management firm ...
Screenshots claiming successful breaches of companies are circulated through social media, putting companies on the defensive. The screenshots were taken from a support engineer's computer at third-party provider Sitel, which was compromised using RDP to gain remote access. Lapsus$ also claimed to have breached Microsoft, which confirmed Tuesday night an account was compromised, granting limited access.
Okta says it's investigating reports of a potential breach. Hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta's ...
However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.” In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack.
Hackers compromised Okta's network via its customer support company Sykes.
Okta is a San Francisco-based tech company providing identity authentication services such as single sign-on and multi-factor authentication on apps and ...
Okta said the breach could be connected to an earlier incident in January. People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022
Cyber-gang Lapsus$ is behind the hack. The ransomware group "is a South American threat actor that has recently been linked to cyber-attacks on some high- ...
Britain's National Cyber Security Centre said it had "not seen any evidence of impact in the UK". Thanet, which uses Okta to simplify the way staff manage and sign on to multiple applications, told BBC News the hack "has not compromised the security of the council's data" but it "will continue to monitor the situation". Okta initially said the attack, in January, involved a third-party contractor, a "sub-processor", and "the matter was investigated and contained".
As many as 366 Okta customers might have had their data 'acted upon' following the Lapsus$ cyberattack against the identity security giant's customer ...
The firm’s investigation and analysis lasted until Feb. 28, and the firm provided a report to Sitel on March 10. Over the past 24 hours, Okta said it has analyzed more than 125,000 log entries to determine what actions were performed by Sitel employees during the five-day period in question. The hacker obtained remote access to the Sitel support engineer’s computer using remote desktop protocol (RDP) and was able to control the machine. The majority of support engineering tasks are performed using an internally built application called SuperUser, which allows basic management functions to be performed on Okta customer tenants. The screenshots Lapsus$ published online were taken from a computer used by an employee of Sitel, which Okta contracts with for customer support work. The San Francisco-based company didn’t provide details around how these customers were impacted but said affected customers will receive a report that shows the actions performed on their Okta tenant during the period in question.
San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online authentication ...
According to its website, Okta has been in business since 2009 and describes itself as the "identity provider for the internet." Okta said the breach could be connected to an earlier incident in January.