• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
okta confirms investigation into alleged lapsus$ security breach

Okta confirms investigation into alleged LAPSUS$ security breach

You are here: Home / General Cyber Security News / Okta confirms investigation into alleged LAPSUS$ security breach
March 22, 2022

Getty Photographs

Cloud identification and obtain administration supplier Okta has confirmed that it can be investigating a probable breach immediately after the LAPSUS$ hacking team posted screenshots of what seems to be the back-finish of Okta’s programs.

Asserting the breach in the early several hours of Tuesday early morning, LAPSUS$ reported in its Telegram channel that it did not steal or accessibility any Okta databases and their focus was only on Okta’s consumers.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Okta’s CEO Todd McKinnon confirmed that the corporation started off an investigation right after it detected an endeavor to compromise the account of a 3rd party purchaser help engineer performing for one of [its] subprocessors”.

“The issue was investigated and contained by the subprocessor,” McKinnon mentioned. “We feel the screenshots shared online are related to this January occasion,” he additional. “Based on our investigation to day, there is no evidence of ongoing destructive action further than the exercise detected in January.”

IT Pro pressed Okta for further particulars but it did not supply any new information and facts in the statement it shared.

The date and timestamps seen in the screenshots provided by LAPSUS$ indicated the hackers were being within Okta’s atmosphere on 21 January 2022, aligning with the mention of “late January 2022” by McKinnon, which signifies Okta was knowledgeable of a critical breach endeavor and failed to notify shoppers for two months.

LAPSUS$ claimed it was equipped to realize superuser/admin access to the Okta “and many other systems”. 

“For a assistance that powers authentication methods to a lot of of the largest firms, and FEDRAMP-authorised, I think these security measures are rather lousy,” stated the group.

LAPSUS$ showing user account control privileges, sensitive information redacted

LAPSUS$ exhibiting user account regulate privileges, sensitive details redacted

IT Pro

One particular of the visuals posted by LAPSUS$ appeared to present the hackers had been ready to reset consumer passwords for employee passwords. The account shown in the graphic belonged to a Cloudflare employee, a getting which suggests that hackers may well have attained obtain to the Cloudflare tenant, according to Bill Demirkapi, offensive security at Zoom. 

Cloudflare co-founder and CEO Matthew Prince was quick to downplay the influence on his organization, assuring shoppers that while Okta provided identity providers to Cloudflare, it was not a sole company of these solutions and there has not been a breach.

“We are conscious that Okta may well have been compromised,” he stated. “There is no proof that Cloudflare has been compromised. Okta is simply an identification supplier for Cloudflare. Fortunately, we have many layers of security past Okta, and would never ever look at them to be a standalone option.

Okta is named by Gartner as a Leader in its Magic Quadrant for entry management and has been for 5 yrs functioning. The business promises to be world’s number just one id platform and gives companies for much more than 15,000 consumers globally.

Okta delivers providers to enterprises including solitary indication-on (SSO), consumer authentication, and multi-factor authentication (MFA) – implementations that are routinely advisable to organizations for upholding solid security.

Screenshot of the Okta backend with access to multiple applications

Screenshot of the Okta backend with entry to numerous purposes

IT Pro

On the web specialists and observers have raised inquiries over what LAPSUS$ could have accomplished with the amount of entry they experienced to Okta’s SSO products. 

Offensive security gurus speculated that if they experienced the stage of accessibility that authorized them to modify user accounts at Cloudflare, they would feasibly be ready to do the exact same with Okta’s other consumers.

They mentioned it could also be how LAPSUS$ has been ready to obtain so many companies’ resource code in modern months, and that they only ‘burned’ their Okta breach because of to getting rid of access to the system.

In latest weeks, LAPSUS$ has leaked source code from huge technology firms this kind of as Nvidia and Samsung. The team has also claimed to have received information from Vodafone, Impresa, and Mercado Libre.

Hours before on Tuesday morning, LAPSUS$ also leaked a torrent file allegedly containing resource code from Microsoft after the team to start with announced that it had effectively breached the tech huge on Sunday. 

LAPSUS$ claimed that the leak incorporates resource code for Bing, Bing Maps, and Cortana. A Microsoft spokesperson informed IT Pro on Monday that “we are knowledgeable of the promises and are investigating”.

“The potential attack on Okta is a placing reminder of the supply chain’s cyber risks,” said Oz Alashe, CEO at CybSafe and chair of the DCMS’ Marketplace Pro Advisory Group on cyber resilience to IT Pro. “Cyber criminals will usually establish the route of the very least resistance. An authentication instrument this kind of as Okta gives the opportunity to breach hundreds of big enterprises in one particular sweep. ​​​​​​”


Some areas of this article are sourced from:
www.itpro.co.uk

Previous Post: «biden urges us businesses to prepare for russian cyber attacks Biden urges US businesses to prepare for Russian cyber attacks
Next Post: F-Secure launches WithSecure, spinning off entire enterprise portfolio f secure launches withsecure, spinning off entire enterprise portfolio»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Freejacking Campaign By PurpleUrchin Bypasses Captchas
  • ChatGPT Used to Develop New Malicious Tools
  • Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy
  • Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL
  • New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
  • UK insurer announces ‘world-first’ cyber catastrophe bond
  • Why Do User Permissions Matter for SaaS Security?
  • FCC plans strict overhaul of 15-year-old US data breach regulations
  • Security updates for Windows 7 finally end, users urged to upgrade
  • Global Cyber-Attack Volume Surges 38% in 2022

Copyright © TheCyberSecurity.News, All Rights Reserved.