
Okta revises LAPSUS$ impact estimate up to 2.5% of customers



Okta has once again updated its blog post on the LAPSUS$ intrusion from January, which the hacking gang first revealed on Tuesday.

“After a thorough analysis of these claims, we have concluded that a small percentage of customers – around 2.5% – were potentially affected and their data could have been viewed or acted upon. We have identified those customers and are contacting them directly,” said Okta CSO David Bradbury.

“If you’re an Okta customer and affected, we’ve reached out directly via email.”

In its fourth-quarter results earlier this month, the company said it had 15,000 customers; 2.5% of that is 375.

The company said it would hold a pair of technical webinars on the incident on Wednesday.

See more: Okta: Lapsus$ attackers gained access to support engineer’s laptop

For its part, LAPSUS$ claims it gained access to a superuser portal capable of resetting passwords and multi-factor authentication for 95% of Okta's customers.

“For a zero-trust support company, support engineers seem to have too much access to the Slack channel? 8.6k?” the group said.

“The potential impact on Okta’s customers is UNlimited, I’m pretty sure resetting passwords and MFA will result in a complete compromise of many customer systems.”

The group has urged Okta to hire a cybersecurity company and publish any report it produces. It also claims Okta is storing AWS keys in Slack.
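The claim above, that a support portal could reset customers' passwords and MFA factors, is exactly what an Okta tenant would want to hunt for in its own System Log. The following is an added example written for this page, not code from the article or from Okta: it filters System Log events for credential and MFA resets performed by someone other than the affected user and groups them by actor. The event type names (`user.account.reset_password`, `user.account.update_password`, `user.mfa.factor.reset_all`, `user.mfa.factor.deactivate`) are Okta's documented System Log event types; the trusted-admin list, the actor and target identities, and the sample events themselves are constructed for illustration.

```python
import json
from collections import defaultdict

# Okta System Log event types that change a user's ability to authenticate.
# These are Okta's documented event type names; everything else in this
# example (admin list, identities, sample events) is an assumption.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.account.update_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
}

# Hypothetical list of accounts that are allowed to reset other users.
TRUSTED_ADMINS = {"helpdesk@corp.example"}


def is_suspicious(event, trusted_admins=TRUSTED_ADMINS):
    """True when a password or MFA reset was applied to a user by an actor
    that is neither the user themself nor a known admin.

    Self-service resets (actor == every User target) are ignored; a reset
    with no User target carries nothing to act on and is also ignored.
    """
    if event.get("eventType") not in SENSITIVE_EVENTS:
        return False
    actor = event.get("actor", {}).get("alternateId", "")
    targets = [t.get("alternateId", "")
               for t in event.get("target", [])
               if t.get("type") == "User"]
    if not targets:
        return False
    if all(t == actor for t in targets):
        return False  # user changed their own credential
    return actor not in trusted_admins


def find_suspicious_resets(events, trusted_admins=TRUSTED_ADMINS):
    """Group suspicious reset events by actor so that one account
    resetting many users in a short window stands out."""
    by_actor = defaultdict(list)
    for ev in events:
        if is_suspicious(ev, trusted_admins):
            by_actor[ev["actor"]["alternateId"]].append(ev)
    return dict(by_actor)


def _event(event_type, actor, targets, published):
    """Build an abbreviated event in the System Log JSON shape."""
    return {
        "eventType": event_type,
        "published": published,
        "actor": {"type": "User", "alternateId": actor},
        "target": [{"type": "User", "alternateId": t} for t in targets],
    }


# Constructed sample log (not real data): one self-service change, one
# reset by a trusted admin, two resets by an unknown actor, one login.
SAMPLE_LOG = [
    _event("user.account.update_password", "alice@corp.example",
           ["alice@corp.example"], "2022-01-20T10:01:00.000Z"),
    _event("user.mfa.factor.reset_all", "helpdesk@corp.example",
           ["bob@corp.example"], "2022-01-20T10:05:00.000Z"),
    _event("user.mfa.factor.reset_all", "support-eng@vendor.example",
           ["bob@corp.example"], "2022-01-21T14:02:00.000Z"),
    _event("user.account.reset_password", "support-eng@vendor.example",
           ["carol@corp.example"], "2022-01-21T14:03:30.000Z"),
    _event("user.session.start", "bob@corp.example",
           ["bob@corp.example"], "2022-01-21T14:10:00.000Z"),
]


if __name__ == "__main__":
    for actor, events in find_suspicious_resets(SAMPLE_LOG).items():
        print(f"{actor}: {len(events)} reset(s)")
        for ev in events:
            who = ", ".join(t["alternateId"] for t in ev["target"])
            print(f"  {ev['published']} {ev['eventType']} -> {who}")
```

Running it on the constructed log reports only `support-eng@vendor.example` with two resets; the user's own password change and the trusted helpdesk reset are left alone. In a real tenant the events would come from the System Log API as JSON, and the trusted-admin list would be the org's own administrative accounts.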

LAPSUS$ also said that many of its members were going on vacation for the rest of the month.

“We can be quiet for a while,” the group said.

“Thanks for understanding us – we’ll try to get the content out as soon as possible.”

Meanwhile at Redmond: Microsoft confirms LAPSUS$ compromised an account with limited access after the gang released alleged Bing and Cortana source

Speaking to ZDNet last week, Cisco CISO advisor Helen Patton said CISOs have operationally separated themselves from breach reporting requirements.

“So now that we have attorneys making decisions about whether something is material enough to require a report, that’s not really the spirit of regulation. But I’ve seen that. It’s in Australia and I’m seeing it overseas,” she said.

“This is a countermeasure because the reporting requirements are quite vague.”

Patton said that since legal teams want to contain events as much as possible, they would start low and escalate the impact of events rather than starting high and walking back.

“That really puts the rest of us at risk,” Patton said.

“So the question is, what’s the right level to go with? Are you overselling or underselling, to not only protect yourself, but also protect the ecosystem you’re working with?”

“We’re rewarded by underselling … in many ways from a legal, reputational perspective, but from a risk perspective we might want to really oversell, because that makes more people wary and hope you will respond more quickly.”

Patton said companies that have issued more than one revision can appear as if they don’t know what they’re doing.

“It is not until you have a certain amount of time to learn about things, respond to things, and learn from experience that you really get good quality information,” she said.

“But our regulators want us to tell them immediately when something looks funny. And there’s a lot of things that look funny in our environment, because our environment is weird.

“They’re going to get a lot of really bad signals soon, and we’re going to have to figure out how you talk about that publicly when the information is really asymmetric about what you know and what’s really going on. That’s a problem.”

Update at 01:35 p.m. AEDT, March 23, 2022: Added more info about LAPSUS$.
