Threat Watch

Okta Confirms Investigation into a Potential Data Breach from Lapsus$ Gang

Okta, a major identity and access management provider, has confirmed that it is investigating a potential breach after a public claim by the Lapsus$ group on Tuesday morning. According to the announcement, the gang got access to Okta’s backend administrative consoles and customer data, they did not steal or access any Okta databases, and their focus was on Okta’s customers only. Todd McKinnon, co-founder and CEO of Okta confirmed on Twitter that the company started an investigation in January 2022. The statement read “In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” Okta’s official statement was published by their Chief Security Officer David Bradbury and can be found here: https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims

ANALYST NOTES

The Lapsus$ gang is also connected to other recent data breaches, including LG Electronics (LGE), Microsoft’s internal Azure DevOps server, and stolen source code for Microsoft Bing and Cortana. Previously, the group leaked data purportedly stolen from Samsung, NVIDIA, and Mercado Libre. Historically, ransomware groups encrypt data to blackmail victims into paying a ransom for the decryption, but Lapsus$ gang instead steals victims’ data and publishes it if their demands are not met. It is not yet known how many of Okta’s customers could be affected by this breach.

https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims

https://www.bleepingcomputer.com/news/security/okta-investigating-claims-of-customer-data-breach-from-lapsus-group/