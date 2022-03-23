LAPSUS$ continues to compromise Big Tech with theft and threat of leaking sensitive information. Nvidia, Microsoft, Samsung, Mercado Libre or Ubisoft are some of the companies that have confirmed that they have been attacked by the aforementioned group of Latin American hackers, assuring that they have accessed the data through the credentials of the workers. oktaa company dedicated to offering employee identification services to other companies, has also been hacked by LAPSUS$, despite the US firm initially denying it.

The hacking Okta by LAPSUS$In fact, it was carried out in January 2022, according to the data offered by the hacker group, who shared a series of screenshots on their Telegram account that revealed access to the company’s services.

The American firm, however, He assured at first that his services had not been violatedalthough it did confirm that an attacker had access to a support engineer’s laptop on January 16 and 21, 2022. “The Okta service has not been breached and is still fully operational. There are no corrective actions to be taken.” our customers,” David Bradbury, Okta’s chief security officer, said in a statement.

Bradbury also mentioned that these types of employees cannot “create or delete users.” Neither do they “download customer databases” and that, therefore, they cannot access those passwords that LAPSUS$ claimed to have in their possession.

“The potential impact to Okta customers is limited to the access support engineers have. Support engineers cannot create or delete users, or download customer databases. Support engineers have access to limited data, for example, Jira tickets and user lists, which were seen in the screenshots. Support engineers can also facilitate password resets and multi-factor authentication for users, but they can’t get those passwords.” David Bradbury, director of security for Okta.

LAPSUS$ did not take long to respond to these statements through its Telegram channel, alleging that Okta was lying in your statement. The hacking team claimed that they had “superuser/admin” access to Okta.com and “various other systems.” All this, moreover, for several months, and not just in five days, as the company claims.

Okta, for his part, has taken 8 hours to update his statement with additional information about the hack. They confirm —now yes— who have committed the data of a large part of its customers. “After extensive analysis of these claims, we have concluded that a small percentage of customers, approximately 2.5%, have been potentially affected and whose data may have been viewed or acted upon,” says Bradbury. .

LAPSUS$ hack of Okta not only affects the credential management company

But why is this hack so serious? How is it different from the data theft suffered by firms such as Microsoft or Nvidia? Okta is not as well known as those that have been compromised by LAPSUS$ so far, but it is really important, as it is a company dedicated to managing access credentials.

Many companies use Okta services to manage, protect and simplify access for their employees to the different platforms with which they work on a daily basis. This company therefore stores critical information of its partners. And now, at least partially, that information is in the hands of LAPSUS$.

According to Okta, the percentage of affected customers is 2.5%. Although, in Okta’s words, this is a “small percentage”, this is equivalent to about 400 companiesaccording to the estimates of Wall Street Journal, who assures that the company has more than 15,000 clients worldwide. It is not clear which firms are affected, but Okta’s portfolio includes major companies such as Sonos, Moody’s, Nasdaq, FedEx or T-Mobile.

So far, no company that is part of the Okta customer group has reported an attempt to access their private data or a hack by LAPSUS$. The credential management platform, on the other hand, ensures that they have already located the affected customers and are in contact with them.



