Okta, Inc, a San Francisco-based identity and access management company that handles logins for more than 100 million users, confirmed on Tuesday that it suffered a breach in January via a third-party customer support provider.
Okta's admission came after a hacking crew called LAPSUS$, which extorts its targets after stealing their data and often leaks victims' information in public forums, claimed it had breached the company. The group posted multiple screenshots showing access to what appeared to be internal Okta systems.
On Tuesday, Okta issued an official statement, saying: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
First update: hackers had access to the support engineer's laptop for five days
Later, Okta confirmed that it suffered a security incident in January when hackers compromised the laptop of a support engineer at Sykes Enterprises, a company Okta contracts for customer services, whose engineers could initiate password resets for customers.
“There was a five-day window of time between January 16-21, 2022 when the threat actor had access to the Sitel environment, which we validated with our own analysis,” Okta said in an updated statement on the incident.
Approximately 366 customers were impacted
Okta subsequently updated its statement once again, saying that approximately 2.5% of its customers were impacted by the cyberattack claimed by the Lapsus$ data extortion group. Okta wrote:
“In trying to scope the blast radius for this incident, our team assumed the worst case scenario and examined all of the access performed by all Sitel employees to the SuperUser application for the five-day period in question. Over the past 24 hours we have analyzed more than 125,000 log entries to ascertain what actions were performed by Sitel during the relevant period. We have determined that the maximum potential impact is 366 (approximately 2.5% of) customers whose Okta tenant was accessed by Sitel.”
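As an added illustration of the worst-case scoping approach Okta describes (this is not Okta's tooling, and the log format, field names, organisation labels, actions and customer count are all constructed assumptions), the script below takes support-tool access logs, keeps only entries made by the third-party vendor's accounts inside the validated window, and reports every tenant touched, flagging those where an authentication-changing action was taken.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample access log for a support "SuperUser"-style tool (not Okta's real format).
# Fields: timestamp  actor  actor_org  tenant  action
SAMPLE_LOG = """\
2022-01-15T23:50:00Z support01 sitel tenant-a view_user
2022-01-16T08:12:00Z support01 sitel tenant-a reset_password
2022-01-17T10:05:00Z support02 sitel tenant-b view_user
2022-01-18T14:30:00Z admin77 okta tenant-c reset_mfa
2022-01-19T09:00:00Z support01 sitel tenant-a reset_mfa
2022-01-21T23:59:59Z support03 sitel tenant-d view_user
2022-01-22T00:00:01Z support03 sitel tenant-e reset_password
"""

# Five-day window from the page: Jan 16-21, 2022 inclusive (end bound is exclusive).
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 22, tzinfo=timezone.utc)

# Actions that change a customer's authentication state and deserve per-tenant follow-up.
SENSITIVE_ACTIONS = {"reset_password", "reset_mfa"}


def parse_line(line):
    """Split one whitespace-delimited log line into a dict with a UTC-aware timestamp."""
    ts, actor, org, tenant, action = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when, "actor": actor, "org": org, "tenant": tenant, "action": action}


def scope_third_party_access(log_text, org, start, end):
    """Worst-case scoping: every tenant touched by any account of `org` inside
    [start, end) is treated as potentially impacted, whatever action was taken."""
    impacted = defaultdict(lambda: {"actors": set(), "actions": set(), "events": 0})
    for raw in filter(str.strip, log_text.splitlines()):
        e = parse_line(raw)
        if e["org"] != org or not (start <= e["ts"] < end):
            continue  # other staff, or outside the validated access window
        entry = impacted[e["tenant"]]
        entry["actors"].add(e["actor"])
        entry["actions"].add(e["action"])
        entry["events"] += 1
    return dict(impacted)


def summarize(impacted, total_customers):
    """Turn the per-tenant map into the headline numbers an incident update reports."""
    sensitive = sorted(t for t, v in impacted.items() if v["actions"] & SENSITIVE_ACTIONS)
    return {"tenants": len(impacted), "pct": round(100 * len(impacted) / total_customers, 1), "sensitive": sensitive}
```

On the constructed sample, the Jan 15 and Jan 22 entries and the Okta staff entry fall outside scope, leaving three Sitel-touched tenants, one of which saw password and MFA resets.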