Okta Accepts its Mistake in Handling the Lapsus$ Attack

Okta has acknowledged its mistake in handling the Lapsus$ attack on a supplier. In an FAQ published last Friday, the firm provided a full timeline of the incident, beginning on January 20, when it discovered “a new factor was added to a Sitel customer support engineer’s Okta account.”

Sitel is a third-party vendor that Okta uses to provide some customer support services. According to the FAQ, the attempt to add the new factor (a password) was unsuccessful, though on January 21 Okta reset the account and notified Sitel. Sitel later appointed a leading forensic firm to perform an investigation.

Okta's mistake was to assume that Sitel had taken all the actions necessary in such circumstances. It waited for the investigation Sitel had commissioned rather than seeking more information itself.

The FAQ mentioned, “In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel.” 

It further stated, “In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today.”

The forensic experts hired by Sitel delivered their report on March 10. Okta received a summary of the document a week later, on March 17.

Lapsus$ went on to drop screenshots depicting its operatives on March 22, the same day Okta received the full report commissioned by Sitel.

According to the document, there was a five-day period, from January 16 to 21, 2022, during which the attackers were able to access Sitel, though they only managed to reset the password on January 21. Seven arrests were made last week in relation to this incident.
