{"id":45838,"date":"2022-03-23T04:14:08","date_gmt":"2022-03-23T04:14:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/okta-now-says-lapsus-may-in-fact-have-accessed-customer-info\/"},"modified":"2022-03-23T04:14:08","modified_gmt":"2022-03-23T04:14:08","slug":"okta-now-says-lapsus-may-in-fact-have-accessed-customer-info","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/okta-now-says-lapsus-may-in-fact-have-accessed-customer-info\/","title":{"rendered":"Okta now says: Lapsus$ may in fact have accessed customer info"},"content":{"rendered":"

Identity management as-a-service platform Okta says the Lapsus$ extortion gang may in fact have managed to see some of its customers’ data, and Microsoft has admitted the crew got its grubby paws on some source code.<\/p>\n

An updated post<\/a> detailing Okta’s response to claims<\/a> of an intrusion into the service sees chief security officer David Bradbury reveal “a small percentage of customers \u2013 approximately 2.5% \u2013 have potentially been impacted and whose data may have been viewed or acted upon.”<\/p>\n

Bradbury has not described the data that may have been viewed, but as Okta’s core service is single sign-on for thousands of cloud services, the possibility that customers’ credentials have leaked to unknown parties cannot be discounted.<\/p>\n

\n

Lapsus$ gathers intimate knowledge about end-users and their crisis response workflows<\/p>\n<\/blockquote>\n

Okta claims to have more than 15,000 customers, so if 2.5 per cent have been compromised that could be 375 organisations that now need to determine if all logons to their preferred clouds \u2013 and the actions taken by authenticated users \u2013 were legitimate and\/or innocuous. Those investigations need to consider sessions since January 16 \u2013 the date Okta named in previous statements as the day on which attackers compromised a single laptop used by a support engineer working for one of Okta’s suppliers.<\/p>\n

A single laptop and 375 customers aren’t enormous numbers, but Okta customers like Amazon.com, Apple, Microsoft, NTT, and McKesson employ tens or even hundreds of thousands of people. Those 375 compromised customers could translate to many, many more individual compromises.<\/p>\n

Microsoft, thankfully, has revealed<\/a> that while Lapsus$ did indeed manage to see some of its source code \u2013 as the gang claimed<\/a> earlier this week \u2013 just one Microsoft account was compromised, and that one offered “limited access” to source code.<\/p>\n

The software giant’s post in which that admission was made also offered a detailed description of how Lapsus$ goes about its nasty business.<\/p>\n