The Lapsu$ extortion group posted screenshots to its Telegram channel Monday night they say prove they breached identity management vendor Okta.
"In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. "None of Lapsus$' claims should be taken at face value," he said via electronic chat. Lapsu$ is a group that extorts the companies under the threat of leaking data - ransom without the ransomware - best known for leaks of Samsung files.
Hacker group shared screenshots with Telegram users, saying they believed Okta's security is "pretty poor."
"If true, the breach at Okta may explain how Lapsus$ has been able to achieve part of its recent string successes," Check Point noted in a blog post. Okta's comment comes after a group calling itself Lapsus$ posted screenshots of what they claimed was the company's internal environment through the messenger service Telegram. They added, "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor." Okta, an online identity authentication service used by thousands of U. S. companies to protect their computer networks, said a purported breach of its systems is related to an earlier incident this year.
That attempt was quickly stopped by Okta. Sitel then hired a forensic investigation firm to look into the incident. Bradbury said Sitel received that report on ...
And it was only hours later that Okta got its hands on the full Sitel report. But he did say the company will send a report to affected customers that shows the actions performed on their Okta tenant by Sitel so they can assess the risks. “Upon reflection, once we received the Sitel summary report last week we should have in fact moved more swiftly to understand its implications.” That attempt was quickly stopped by Okta. Sitel then hired a forensic investigation firm to look into the incident. Bradbury said Sitel received that report on March 10th, and forwarded a summary to Okta on March 17th. It wasn’t clear from Bradbury’s statement whether that information was included in the summary.
Authentication company Okta has maintained that security protocols contained the worst impacts of a system breach from hacking group Lapsus$
Graphics card manufacturer Nvidia was also hacked by the group in late February, and had employee credentials leaked online. Details of the breach were compiled by a forensic investigation firm that had been engaged shortly after the unauthorized access was discovered, but the full report had not been provided to Okta until recently, according to Bradbury. “Today I want to provide my perspective on what has transpired, and where we are with this investigation.”
Hackers compromised Okta's network via its customer support company Sykes.
You can select 'Manage settings' for more information and to manage your choices. You can change your choices at any time by visiting Your Privacy Controls. Find out more about how we use your information in our Privacy Policy and Cookie Policy. Click here to find out more about our partners. * Information about your device and internet connection, including your IP address
Plus: Microsoft reveals gang pulled off limited source code heist after single account compromised · Leaked stolen Nvidia key can sign Windows malware · Devil-may ...
The software colossus suggests that be kept somewhere Lapsus$ will not be able to access – presumably in air-gapped systems or a bottom drawer. Those investigations need to consider sessions since January 16 – the date Okta named in previous statements as the day on which attackers compromised a single laptop used by a support engineer working for one of Okta's suppliers. If successful, the gang deploys multiple malware packages – some installed in new VMs it creates on victims' preferred clouds.
The leading identity-verification provider seeks to allay concerns about the impact from the breach in its security by the Lapsus$ group.
Okta said the attack had affected as many as 366 customers, or 2.5% of the more than 15,000 businesses and institutions it services world-wide. HONG KONG— Okta Inc., one of the world’s leading providers of digital identity verification, said that a January data breach revealed by hackers this week may have affected hundreds of customers that rely on its software to manage secure access to their internal computer networks.
The Okta hack revealed yesterday, and which dated back to January, may have impacted up 366 clients, says the company's chief security ...
Upon reflection, once we received the Sitel summary report we should have moved more swiftly to understand its implications. I am greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report. While it is not a necessary step for customers, we fully expect they may want to complete their own analysis.
(Reuters) - San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online aut...
Okta said the breach could be connected to an earlier incident in January. Okta sells identity services, such as Single Sign-On and Multi-factor Authentication used to log in to online applications and websites. (Reuters) – San Francisco-based Okta Inc, a widely used access management company that competes with the likes of PingID and Duo to provide online authentication services, said it was investigating a digital breach on Tuesday.
Okta says it's investigating reports of a potential breach. Hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta's ...
However, writing in their Telegram channel, Lapsus$ suggested that it had access for a few months. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. In a statement sent to The Verge, Okta spokesperson Chris Hollis downplayed the incident, and said Okta has not found evidence of an ongoing attack.
A fresh Lapsus$ attack on Okta has been denied by the company, but the hackers may have enough data to launch supply chain attacks.
Earlier this week, marketing platform Hubspot revealed its systems had been compromised, leading to supply chain attacks on a number of its customers in the cryptocurrency space. "An authentication tool such as Okta provides the opportunity to breach hundreds of large enterprises in one sweep." If Lapsus$ has gained access to Okta customer data, the businesses involved could become targets for a supply chain breach. Last month it claimed to have breached Nvidia, Samsung and Vodafone, before launching an attack on games publisher Ubisoft. Yesterday, Tech Monitor reported that Microsoft had become the group's latest victim after screenshots of code purporting to be from the company's Azure cloud platform were posted online. Lapsus$ has become one of the most talked-about hacking groups of 2022 after a string of attacks on high-profile targets. “For a service that powers authentication systems to many of the largest corporations, I think these security measures are pretty poor,” the message reads.
Ransomware gang Lapsus$ strikes again, posting screenshots to its Telegram channel Tuesday of what it alleges are data from customers of identity security ...
Okta is the world’s largest pure-play identity security provider, with sales in the fiscal year ended Jan. 31, 2022, surging to $1.3 billion, up 56 percent from $835.4 million a year earlier. Earlier this month, Lapsus$ said it stole Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls. Okta co-founder and CEO Todd McKinnon said the screenshots shared by Lapsus$ are believed to be connected to an incident from late January, with no evidence on ongoing malicious activity beyond what happened then. Shortly after publication, Lapsus$ removed the post and published the message “Deleted for now will repost later.” The actors then leaked some proprietary Nvidia information online. Independent security researcher Bill Demirkapi told the news agency that he believes the screenshots are credible.
The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.
The Lapsus$ breach claims sent a number of companies rushing to respond. A Microsoft spokesperson said that "we are aware of the claims and are investigating.” A sub-processor investigated and contained the January incident.
Businesses are now on high alert as the hackers claim to have had full admin access to the back-end of identity and authentication provider Okta for at ...
Announcing the breach in the early hours of Tuesday morning, LAPSUS$ said in its Telegram channel that it did not steal or access any Okta databases and their focus was solely on Okta’s customers.Okta's CEO Todd McKinnon confirmed that the company started an investigation after it detected an attempt to compromise the account of a third party customer support engineer working for one of [its] subprocessors”.“The matter was investigated and contained by the subprocessor,” McKinnon said. One of the images posted by LAPSUS$ appeared to show the hackers were able to reset user passwords for employee passwords. The company claims to be world’s number one identity platform and provides services for more than 15,000 customers worldwide.
Cloudflare takes no chances, hits the identity reset button ... The Lapsus$ extortion crew has turned its attention to identity platform Okta and published ...
We fervently hope that this one won't end up in the "aged badly" bucket. We are resetting the @Okta credentials of any employees who’ve changed their passwords in the last 4 months, out of abundance of caution. Okta has yet to confirm this is the case. Oz Alashe, CEO of CybSafe and chair of the UK government's DCMS Industry Expert Advisory Group on Cyber Resilience, said: "The potential attack on Okta is a striking reminder of the supply chain's cyber risks. We believe the screenshots shared online are connected to this January event. However, a compromise at Okta could be altogether more serious since the company's services are used by many others to manage network and application access as well as user identities.
Okta, the authentication and identity management giant, is investigating claims supposedly made by malicious hackers that they compromised its internal ...
Shane Curran, CEO at data security firm Evervault, commented: “Okta currently has hundreds of millions of users and is preparing to scale users rapidly. LAPSUS$ has been linked to damaging hacks of Ubisoft, Samsung, and Vodafone in recent weeks. “Even security researchers cannot specify which (if any) ransomware strains the group uses, or how they are breaching these companies. “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” Matthew Prince, CEO of Cloudflare, an Okta customer, tweeted earlier today: “We are resetting the @Okta credentials of any employees who’ve changed their passwords in the last 4 months, out of abundance of caution.
Lapsus$ leaking Microsoft source code would be bad enough. Breaching Okta could be much, much worse.
When you have this type of access for an identity platform like Okta, though, the potential impacts are exponentially more extreme. A potential breach of an organization as big and security-conscious as Microsoft would be significant in itself, but the group followed the post with something even more alarming: screenshots apparently taken on January 21 that seem to show Lapsus$ in control of an Okta administrative or “super user” account. On Monday evening, the Lapsus$ digital extortion gang published a series of increasingly shocking posts in its Telegram channel.
Hundreds of large companies, such as FedEx Corp, T-Mobile US Inc, Moody's Corp and Coinbase Global Inc, use Okta's services.
In a 2019 interview with CNBC, Okta’s CEO, Todd McKinnon, said the company had more than 100 million registered users. Okta sells identity services, such as Single Sign-On and Multi-factor Authentication used to log in to online applications and websites. Okta said the breach could be connected to an earlier incident in January. Here are some facts about the company:
A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late ...
"[W]e have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon," Okta chief security officer David Bradbury said in a statement.Okta has over 15,000 customers, according to its website.It's been nearly 24 hours since Okta publicly acknowledged the apparent hack after a mysterious hacking group known as Lapsus$ published screenshots claiming access to an Okta internal administrative account and the firm's Slack channel.The breach created alarm among cybersecurity experts because of how popular the service is with big organizations and the potential access that a hacker could acquire by targeting Okta.But, Bradbury said Tuesday that the Okta service itself hadn't been breached, and the hackers had instead accessed an engineer's laptop who was providing technical support to Okta. "The potential impact to Okta customers is limited to the access that support engineers have," Bradbury said. Okta concedes hundreds of clients could be affected by breachThe Okta Inc. website on a smartphone arranged in Dobbs Ferry, New York, U. S., on Sunday, Feb. 28, 2021.A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late Tuesday amid an ongoing investigation of the breach.
Hello friends and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.
You can select 'Manage settings' for more information and to manage your choices. You can change your choices at any time by visiting Your Privacy Controls. Find out more about how we use your information in our Privacy Policy and Cookie Policy. Click here to find out more about our partners. * Information about your device and internet connection, including your IP address
Authentication firm Okta's statements on the Lapsus$ breach leave key questions unanswered.
The latter is the main mechanism Lapsus$ hackers would likely have abused to take over Okta logins at target organizations and infiltrate. The timing coincides with Lapsus$'s decision to release screenshots, via Telegram, that claim to detail its Okta administrative account access from late January. On Tuesday evening, about eight hours after posting Bradbury's statement, Okta updated the notice with some expanded information.
Okta Inc, whose authentication services are used by companies including Fedex Corp and Moody's Corp to provide access...
A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late ...
"[W]e have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon," Okta chief security officer David Bradbury said in a statement.Okta has over 15,000 customers, according to its website.It's been nearly 24 hours since Okta publicly acknowledged the apparent hack after a mysterious hacking group known as Lapsus$ published screenshots claiming access to an Okta internal administrative account and the firm's Slack channel.The breach created alarm among cybersecurity experts because of how popular the service is with big organizations and the potential access that a hacker could acquire by targeting Okta.But, Bradbury said Tuesday that the Okta service itself hadn't been breached, and the hackers had instead accessed an engineer's laptop who was providing technical support to Okta. "The potential impact to Okta customers is limited to the access that support engineers have," Bradbury said. Okta concedes hundreds of clients could be affected by breachThe Okta Inc. website on a smartphone arranged in Dobbs Ferry, New York, U. S., on Sunday, Feb. 28, 2021.A January cybersecurity incident at popular identity authentication provider Okta may have affected hundreds of the firm's clients, Okta acknowledged late Tuesday amid an ongoing investigation of the breach.
The ransomware group claims that it has had access to customer records since January 2022; Okta says there is no evidence of ongoing malicious activity.
It also showed possible superuser access, and screenshots of Okta's internal Jira and Slack instances. In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.
Okta is a San Francisco-based tech company providing identity authentication services such as single sign-on and multi-factor authentication on apps and ...
Okta said the breach could be connected to an earlier incident in January. OKTA. People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022 OKTA. People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022
The Lapsus$ cybercriminal group exposed screenshots and messages showing it had successfully breached identify platform Okta. Read about it and see how to ...
That is, of course, if the attacker has not already added backdoors or more content or tooling on the system to allow them to access it again. Phone-based MFA might sound like a good method but in fact it is not, being vulnerable to SIM swapping attacks. This way, if the attacker has already done a password reset and owns access, they will be unable to get the new password and will therefore not be able to access the system again. Its targeting is global, and it has already targeted organizations in technology, IT, telecom, media, retail, healthcare and government. Okta confirmed the breach and communicated about it via its website. According to Okta, approximately 2.5% of its customers have potentially been impacted and might have their data being viewed or acted upon.
A cybercriminal gang known as LAPSUS$ is targeting call centers used by major tech firms and it's paying off, security experts warn.
Companies often don’t do enough due diligence to check on the security of a third-party provider, said Cesar Cerrudo, chief research officer at cybersecurity company Strike. “Sometimes you just get asked to sign a checkbox, that you’re [legally] compliant and that you do security and penetration tests or whatever,” Cerrudo said. On Tuesday, Microsoft confirmed it was a victim of a LAPSUS$ attack, in which one of its company accounts was hacked and used to pilfer company source code. All eyes are drawn to Okta, but right in front of you, the magician is doing something else that’s even more interesting ... and that’s Sitel and the third-party call centers that LAPSUS$ is targeting.” The hackers did that to avoid giving the game away that they were going after call centers, she said. In focusing on Okta, LAPSUS$ had managed to misdirect everyone from the initial breach at Sykes, Nixon said. But as the Sykes hack showed, there are ways for cybercriminals to get to Okta customers’ data without directly targeting Okta. With the compromised Sykes account, the hackers managed to snoop on 2.5% of Okta’s customers, which appeared to include $30 billion web-security provider Cloudflare and 365 others. So it was in January, when an enigmatic hacker collective called LAPSUS$ managed to get hold of an account belonging to a Costa Rica-based Sykes employee who happened to be providing customer service to users of Okta, one of the biggest providers of “single sign-on” software, which lets customers use one password across numerous apps, requiring only a one-time code to get into an account.
Hundreds of customers of digital authentication firm Okta Inc have possibly been affected by a security breach caused by a hacking group known as Lapsus$, ...
People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022. People's miniatures are seen in front of Okta logo in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration