The IT company, which provides support for over 15,000 clients ranging from smaller organisations through to business heavyweights including FedEx, was initially hacked back in January.
The breach has since been confirmed by Okta’s chief security officer, David Bradbury, who clarified the situation on the company’s website. The explanation followed the online publication by Lapsus$ of several screenshots on March 22 showing information held by Okta’s third-party customer support engineers.
Like many other IT businesses, the Okta SaaS operation employs the services of several such companies, using them as ‘sub-processors’ to help manage workload. One of these is Sitel, which provides Okta with contract workers for its customer support setup.
Although the hack attempt looks to have originated after Lapsus$ accessed the computer of a customer support engineer, Bradbury explained that it had not resulted in full access to Okta’s systems and that no corrective action was needed by its customers.
Okta has since been carrying out a damage limitation exercise and has said that, at worst, 366 clients have been affected by the hack. The ransomware group, which is thought to be based in South America, has gained notoriety for threatening to release sensitive material if its demands aren’t met.
Lapsus$ has also hacked Microsoft
Okta isn’t alone. Even computing giant Microsoft has allegedly been on the receiving end of hack attempts by Lapsus$. The company recently issued a blog post confirming that the cybergang had infiltrated an account, although it underlined that none of its customer data or code had been stolen.
Britain's National Cyber Security Centre downplayed the situation following Lapsus$'s online activity this week, noting that it had "not seen any evidence of impact in the UK", according to the BBC.