There's Been Another Development in the Lapsus$ Saga

There's Been Another Development in the Lapsus$ Saga

Okta, an identity management software company, confessed that it made a mistake in handling a data extortion hacker organization Lapsus$ assault on one of its suppliers.

The business supplied a comprehensive history of the issue in a recently released FAQ, commencing on January 20, when it first learned that "a new factor was introduced to a Sitel employee's Okta account from a new location." For those who are unaware, Okta uses Sitel to deliver some customer care services to its users.

While the effort to add a new factor failed, Okta reset the account in question and warned Sitel about the situation by sharing "indicators of compromise" with the firm. Sitel then notified Okta that it had "retained outside help from a prominent forensic company."

Okta claims that the company assumed that Sitel had supplied all of the information it had on the event and allowed Sitel's forensic firm to conduct its investigation. Instead, Okta should have pressured Sitel for further details, given the firm is its service provider and is ultimately liable.

Investigation Results

The forensics firm engaged by Sitel provided its report to the customer support business on March 10. Still, Okta didn't get a summary report regarding the event from Sitel until a week later, on March 17.

However, Lapsus$ shared images on its Telegram channel purporting to portray Okta's corporate environment, including internal tickets and in-house Slack talks. On the same day, Okta got the entire investigation commissioned by Sitel, which determined a "five-day period between January 16-21, during which an attacker had access to Sitel."

In its FAQ, Okta provided additional details on the incident and how it would respond now that it has all of the information, saying:

"In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third-party forensic firm to investigate. At that time, we didn't recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence we have gathered in the last week, it is clear that we would have made a different decision if we had owned all of the facts we have today."

While Okta is confident that its service has not been compromised, the Lapsus$ group is likely to hit another big name target soon, despite seven of its potential operatives being recently arrested in London.


1 ratings
Paul Syverson
Paul Syverson
Paul Syverson is the founder of Product Reviews. Paul is a computer scientist; he used to carry out a handful of significant studies which contributed to bringing in many special features on the site. He has a huge passion for computers and other tech products. He is always diligent in delivering quality writings to bring the most value to people. |