Okta, which offers security solutions to its 15,000 customers, says that at least 2.5% of them may have been affected by a data leak.
This week, two US companies were the victims of a cyber attack by the Lapsus$ group. The group, already known to have collected sensitive data from Samsung Group and microprocessor company Nvidia, has consistently released data from its new victims on the secure messaging service Telegram. The two companies are Microsoft and Okta, which specializes in access management and security solutions for companies.
In the case of Microsoft, only a single screenshot, which was removed very quickly, links the group of hackers to the company.
“At this point, it’s difficult to know the extent of the attack, or even to confirm that it actually happened,” says Baptiste Robert, a cybersecurity researcher.
On the Okta side, the story is different. This US company provides secure access management (authentication) solutions for its clients’ online servers. Its business therefore falls squarely within cybersecurity. Its clients include the French Engie, Foncia and the French Red Cross.
Hacking its systems, which are responsible for protecting hundreds of others, can therefore have far-reaching consequences.
On Sunday, March 20, the group of hackers released several screenshots on the Lapsus$ Telegram, showing their access to the company’s networks. These screenshots are dated January, suggesting that they may have had access to information for some time.
375 potential victims
Following this release, Lapsus$ and Okta traded statements through press releases from March 20 to 22. The company, which initially tried to put out the fire, admitted in a recent press release that some of its customers had actually been affected.
“After a thorough investigation, we have determined that a small percentage of customers, approximately 2.5%, may be affected and whose data has been viewed or handled. We have identified these customers and contacted them,” said David Bradbury of Okta, in a press release issued on March 22.
This represents at least 375 of the 15,000 customers the company claims.
“Hackers gained temporary access to the company’s Slack, where they were able to obtain a lot of information, but they also approached Slack discussions involving customers,” explains Baptiste Robert. “It is very difficult for a company that provides security solutions to its customers to infiltrate this way,” he continues.
Neither the details of the information at risk nor the exact list of vulnerable customers is known.
The Lapsus$ group, whose identity is unknown, has infiltrated the networks of several large companies such as Samsung, Nvidia and Ubisoft in recent months.
As in many attacks, it accompanies its intrusions with a ransom demand: the attacker publishes evidence of the theft online and threatens to reveal everything if the victim refuses to pay.