Okta, an identity and access management company, announced on Tuesday that it has completed its investigation into the LAPSUS$ extortionist gang's hack of a third-party vendor in late January 2022.
Okta stated that the "effect of the event was much less than the maximum potential impact" that the business previously published last month, and that the intrusion touched only two customer tenants, rather than the 366 that was earlier assumed.
The security incident occurred on January 21, when the LAPSUS$ hacking organisation got unauthorised remote access to a Sitel support engineer's workstation. However, it wasn't until nearly two months later that the enemy made it public by posting screenshots of Okta's internal systems on their Telegram channel.
In addition to gaining access to two live customer tenants through the SuperUser programme, which is used to execute basic administration operations, the hacker gang is reported to have examined restricted information in other applications such as Slack and Jira, correlating with previous reports.
"On January 21, 2022, control lasted for 25 minutes," claimed David Bradbury, Okta's top security officer. "The threat actor was unable to complete any configuration modifications, MFA or password resets, or customer service 'impersonation' events."
Bradbury noted, "The threat actor was unable to authenticate directly to any Okta accounts."
Okta, which has been chastised for its tardy revelation and handling of the problem, said it has ended its relationship with Sitel and is changing its customer support platform to "restrictively limit what information a technical support engineer may view."
Please do not enter any spam link in the comment box.