Okta claims its Lapsus$ data breach only affected two customers

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Okta has looked to play down fears that it was affected by a major data breach earlier this year.

The identity management giant has revealed the final findings of its investigation into an attack in January 2022, reportedly at the hands of the notorious Lapsus$ hacking group.

It had been thought that hundreds of Okta's 150,000-plus customers, including some big corporate names, had been affected, but fortunately, the company now believes this was not the case.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Lapsus$ fails to strike?

In a blog post announcing the findings, Okta Chief Security Officer David Bradbury outlined that the incident was caused by the "compromise" of a third-party vendor, named only as a, "third-party forensic firm, engaged by our vendor Sitel".

Bradbury notes that having thoroughly gone through its reports and systems, Okta found that the hacker (who also remains unnamed and unattributed for now) was only able to actively control a single workstation for 25 consecutive minutes on January 21, 2022.

The blog goes on to note that this "threat actor" was able to access the details of two Okta customers through its SuperUser app, including viewing, "limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants."

Okta says it has notified and held full debriefs with both of the affected customers, but notes that the threat actor was unable to "perform any configuration changes, MFA or password resets, or customer support “impersonation” events" or "authenticate directly to any Okta accounts".

"While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped, we recognize the broad toll this kind of compromise can have on our customers and their trust in Okta," Bradbury concludes.

He goes on to note that Okta will be making a series of changes and improvements to its security practices going forward, including, "reviewing our security processes and pushing for new ways to accelerate updates from third parties and internally for potential issues, both big and small."

The company says it will also now directly manage all devices of third parties that access our customer support tools, giving it greater oversight on network access and also look to adopt new systems that help us to communicate more rapidly with customers on security and availability issues.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.