Lapsus: Hacker Attack On Okta May Have Hit 366 Customers


Okta, an American identity and access management company, began investigating a digital attack on Tuesday after the Lapsus group began publishing screenshots that it claimed showed internal data from the authentication company. The following day, the company’s director of security, David Bradbury, acknowledged that the hack took place at the beginning of the year and may have impacted up to 366 customers, whose names were not revealed.

While it is not yet known how many end users may have been affected, the announcement has caused concern among thousands of organizations. That’s because Okta’s service exists precisely to provide a single, secure sign-on for employees of a wide variety of top-tier customers, such as FedEx and Moody’s.

In his Okta blog post, Bradbury provides a timeline, beginning January 20, indicating that the company acted very quickly at first to suspend the account of an employee of third-party provider Sitel whose credentials were being used in a security breach. However, after this action, which took just over an hour, the subsequent forensic analysis took more than two months to complete.

What can happen to the 366 impacted company accounts?

In his post, the executive explains that, like most SaaS (software as a service) providers, Okta uses several outsourced companies, such as Sitel, to provide services to customers. However, Bradbury emphasizes, the access provided to engineers at these companies is of a restricted level and does not include the ability to download customer data, although it is natural for customers to want to make their own assessments.

While saying he is disappointed with Okta’s delay in taking action on the matter, the executive says he is confident “that the Okta service has not been violated and there are no corrective actions that need to be taken by our customers”.