The Lapsus$ hacker who attacked security firm Okta in January only gained access to two clients. The attackers remained in the company’s systems for 25 minutes and did not affect 366 customers as previously believed.
Okta has completed its investigation into the hack, which took place in January and came to light in March. A hacker from the Lapsus$ group compromised an intermediary resource at a subcontractor of Okta, which builds single sign-on software. It was previously unknown how many customers were affected. Okta later stated that there were at most 366. This estimate was based on the number of times subcontractor employees requested SuperUser access to customers during the time frame in which the breach occurred.
Okta has now finally completed the investigation of the hack. The main conclusions about the original intrusion remain. The hackers got into a single laptop at the subcontractor Sitel, which provided customer service on Okta’s behalf. The attack took place on January 25. Now Okta says the hackers had access to the clients’ systems for only 25 minutes.
In those 25 minutes, the attackers accessed two of these customers. It is not known who they are, but Okta informed them. According to Okta, the hackers did not change any configurations in the clients’ systems and did not perform any password or multifactor authentication resets.
Okta also says that the attackers gained access to Okta’s internal systems, including Slack and Jira. In doing so, the attackers were unable to find any information with which they could penetrate the systems further. Okta has stopped working with the subcontractor and said it will take action. The company wants to introduce a new zero-trust policy, better communication with customers and better management of third-party tools.
The report is not public. Okta published only the conclusions. Part of the information missing from the report is exactly how the attackers broke into the subcontractor. TechCrunch previously wrote that the hackers found a spreadsheet with passwords, but the subcontractor later denied it.