Okta has looked to play down fears that it was affected by a major data breach earlier this year.
The identity management giant has revealed the final findings of its investigation into an attack in January 2022, reportedly at the hands of the notorious Lapsus$ hacking group.
It had been thought that hundreds of Okta’s 150,000-plus customers, including some big corporate names, had been affected, but fortunately, the company now believes this was not the case.
Lapsus$ fails to strike?
In a blog post announcing the findings, Okta Chief Security Officer David Bradbury outlined that the incident was caused by the “compromise” of a third-party vendor, named only as a, “third-party forensic firm, engaged by our vendor Sitel”.
Bradbury notes that having thoroughly gone through its reports and systems, Okta found that the hacker (who also remains unnamed and unattributed for now) was only able to actively control a single workstation for 25 consecutive minutes on January 21, 2022.
The blog goes on to note that this “threat actor” was able to access the details of two Okta customers through its SuperUser app, including viewing, “limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants.”
Okta says it has notified and held full debriefs with both of the affected customers, but notes that the threat actor was unable to “perform any configuration changes, MFA or password resets, or customer support “impersonation” events” or “authenticate directly to any Okta accounts”.
“While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped, we recognize the broad toll this kind of compromise can have on our customers and their trust in Okta,” Bradbury concludes.
He goes on to note that Okta will be making a series of changes and improvements to its security practices going forward, including, “reviewing our security processes and pushing for new ways to accelerate updates from third parties and internally for potential issues, both big and small.”
The company says it will also now directly manage all devices of third parties that access our customer support tools, giving it greater oversight on network access and also look to adopt new systems that help us to communicate more rapidly with customers on security and availability issues.
