Hundreds of businesses potentially affected after Lapsus$ hacks Okta

Cybercriminal outfit Lapsus$ was reportedly behind a recent hacking attack on SaaS company Okta, the company has claimed this week.

The IT company, which provides support for over 15,000 clients ranging from smaller organisations through to business heavyweights including FedEx, was initially hacked back in January.

The breach has since been confirmed by Okta’s chief security officer, David Bradbury, who clarified the situation on the company’s website. The explanation followed the online publication by Lapsus$ of several screenshots on March 22 showing information held by Okta’s third-party customer support engineers.

Like many other IT businesses, the Okta SaaS operation employs the services of several such companies, using them as ‘sub-processors’ to help manage workload. One of these is Sitel, which provides Okta with contract workers for its customer support setup.

Although the hack attempt looks to have originated after Lapsus$ accessed the computer of a customer support engineer, Bradbury explained that it had not resulted in full access to Okta’s systems and that no corrective action was needed by its customers.

Okta has since been carrying out a damage limitation exercise and has said that, at worst, 366 clients have been affected by the hack. The ransomware group, which is thought to be based in South America, has gained notoriety for threatening to release sensitive material if its demands aren’t met.

Lapsus$ has also hacked Microsoft

Okta isn’t alone. Even computing giant Microsoft has allegedly been on the receiving end of hack attempts by Lapsus$. The company recently issued a blog post confirming that the cybergang had infiltrated an account, although it underlined that none of its customer data or code had been stolen.

Britain's National Cyber Security Centre downplayed the situation following Lapsus$ online activity this week, noting that it had "not seen any evidence of impact in the UK", according to the BBC.

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.