Okta Says Security Protocols Limited Hack, but Response Came Slowly

After the disclosure of a breach affecting its authentication platform, Okta has maintained that the effects were contained by its security protocols, and has repeated that customers of the service do not need to take remedial action as a result.

The statements were made by David Bradbury, chief security officer at Okta, in a video call with customers and press early Wednesday morning.

On Monday, the hacking group Lapsus$ released screenshots showing that it had compromised Okta’s internal systems, putting the many organizations that depend on the authentication tool on high alert.

“The sharing of these screenshots is an embarrassment for myself and the entire Okta team,” Bradbury stated at the start of the call. “Today I want to provide my perspective on what has transpired, and where we are with this investigation.”

In a ten-minute briefing, Bradbury said that the attackers had gained their access by compromising a machine belonging to an employee of Sitel, a company subcontracted to provide customer support functions for Okta. Using a remote desktop protocol, the attackers were able to enter commands on the compromised device and see its display output, which allowed them to take screenshots, Bradbury said.

None of Okta’s systems were directly breached, the CSO said, but the Sitel support engineer’s device was logged in to Okta when it was compromised and remained so from the date of compromise on January 16th until the Okta security team became aware and suspended the account on January 21st.

However, because Okta applies least-privilege access controls, under which a user is permitted to perform only the minimum set of actions required for their job, the attackers were limited in what they could reach through a support engineer’s account, leading Okta to state that no corrective action was needed by customers of the service.
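To make the least-privilege point concrete, here is a small policy check run over a constructed audit log. This is an added illustration for this article, not Okta’s or Sitel’s code: the role names, the permitted action sets, the session-age limit, and every log entry below are assumptions chosen to mirror the timeline the article describes. It goes one step beyond the text by also flagging actions taken on a session that has been open for longer than a configured maximum, since the article notes the compromised device stayed logged in for five days.

```python
"""Least-privilege and session-age check over a constructed audit log.

Added illustration for this article; it is not Okta's or Sitel's code.
The role names, permitted action sets, session limit, and every log entry
below are assumptions chosen to mirror the timeline described in the text.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed role scopes. A support engineer can look up a user and reset
# credentials or MFA factors, but cannot create or delete users, change
# application configuration, or export logs. Real tenant policies differ.
ROLE_ALLOWED_ACTIONS = {
    "support_engineer": {
        "user.read_profile", "user.reset_password",
        "user.reset_mfa", "ticket.update",
    },
    "tenant_admin": {
        "user.read_profile", "user.reset_password", "user.reset_mfa",
        "user.create", "user.delete", "app.write_config", "log.export",
    },
}

# Assumed ceiling on how long one authenticated session may keep being reused.
MAX_SESSION_AGE = timedelta(hours=12)


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime               # when the action was attempted
    actor: str                 # account performing the action
    role: str                  # role granted to that account
    session_started: datetime  # when the session used for the action was opened
    action: str                # requested operation
    target: str                # object acted on


def evaluate(event: AuditEvent) -> tuple:
    """Decide whether one event is allowed, returning (decision, reason).

    Role scope is checked first: an action outside the role is denied no
    matter how fresh the session is. A permitted action is still denied
    if the session it rides on is older than MAX_SESSION_AGE.
    """
    allowed = ROLE_ALLOWED_ACTIONS.get(event.role, set())
    if event.action not in allowed:
        return ("deny", f"{event.action} is outside the {event.role} role scope")
    if event.ts - event.session_started > MAX_SESSION_AGE:
        return ("deny", "session older than MAX_SESSION_AGE; re-authentication required")
    return ("allow", "within role scope and session age")


def summarize(events) -> dict:
    """Count allowed and denied events and list the denied actions in order."""
    decisions = [(e, *evaluate(e)) for e in events]
    denied = [e.action for e, decision, _ in decisions if decision == "deny"]
    return {
        "allowed": len(events) - len(denied),
        "denied": len(denied),
        "denied_actions": denied,
    }


# Constructed sample: one session opened on the support engineer's machine on
# January 16 and still in use on January 21, echoing the article's timeline.
# Actor and target names are made up.
SESSION_START = datetime(2022, 1, 16, 9, 0)
SAMPLE_EVENTS = [
    AuditEvent(datetime(2022, 1, 16, 10, 0), "sitel.eng", "support_engineer",
               SESSION_START, "user.read_profile", "customer-a/user-1"),
    AuditEvent(datetime(2022, 1, 16, 10, 5), "sitel.eng", "support_engineer",
               SESSION_START, "user.reset_password", "customer-a/user-1"),
    AuditEvent(datetime(2022, 1, 16, 10, 10), "sitel.eng", "support_engineer",
               SESSION_START, "app.write_config", "customer-a/app-sso"),
    AuditEvent(datetime(2022, 1, 16, 10, 12), "sitel.eng", "support_engineer",
               SESSION_START, "user.create", "customer-a/new-admin"),
    AuditEvent(datetime(2022, 1, 21, 8, 0), "sitel.eng", "support_engineer",
               SESSION_START, "user.read_profile", "customer-b/user-7"),
]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        decision, reason = evaluate(e)
        print(f"{e.ts.isoformat()} {e.action:22} {decision:5} {reason}")
    print(summarize(SAMPLE_EVENTS))
```

The first two events pass because they fall inside the support engineer’s role and a fresh session; the configuration write and the user creation are refused on role scope alone, which is the containment the article credits; and the last lookup, though normally permitted, is refused because the January 16 session is still being reused on January 21.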

Details of the breach were assembled by a forensic investigation firm engaged shortly after the unauthorized access was discovered, but the full report was not delivered to Okta until recently, according to Bradbury.

“I am greatly disappointed by the long period of time that transpired between our initial notification to Sitel in January, and the issuance of the complete investigation report just hours ago,” Bradbury said.

While the impact of the breach appears less serious than first feared, the Lapsus$ hacking group is emerging as a credible and persistent threat, having carried out confirmed attacks against a number of large tech companies and claimed responsibility for other incidents that have not yet been concretely attributed to the group.

On Tuesday, the same day the Okta hack was confirmed, Lapsus$ also posted source code stolen from Microsoft’s Bing and Cortana products, obtained through the compromise of an employee account.

Graphics card maker Nvidia was also hacked by the group in late February and had employee credentials leaked online. In a similar time frame, Lapsus$ claimed responsibility for a breach of South Korean tech giant Samsung in which source code for Galaxy devices was obtained, and also indicated that it was behind a “cyber security incident” affecting games developer Ubisoft.

Security professionals see the group as a sophisticated and versatile threat actor and are urging potential targets to defend proactively against its methods of compromise.

“This group’s ‘all in’ approach to target its victims with ransom, SIM swapping, exploits, dark web reconnaissance, and reliable phishing tactics shows the focus and open toolbox used to accomplish its goals,” stated Mark Ostrowski, head of engineering at Check Point Software. “Companies and organizations across the globe should focus on education of these tactics to their users, deploy prevention strategies in all aspects of their cyber security programs, and inventory all points of access looking for potential weaknesses.”

Author

  • I tried to fix the world, but God wouldn't give me his source code.

    Formerly, CEO and lead developer of a technology company, focusing on the merchant services space. Formerly, of WHMCompleteSolution (WHMCS).

    An avid gamer.
