By now, you’ve probably heard about the Okta breach by the malicious hacker group Lapsus$. Here’s everything you need to know—from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure.
Okta, a leading provider of Authentication Services and Identity and Access Management (IAM) solutions, says it is investigating claims of a data breach. Okta reports having over 3,800 employees and over 15,000 customers worldwide.
Lapsus$ is a threat actor group believed to be based in Brazil. The group gained notoriety in 2020 for breaching the Brazilian Health Ministry’s computer systems and later attacked other organizations such as Samsung, MercadoLibre, Vodafone and Ubisoft. Their MO is to compromise employee credentials and then exfiltrate customer data while acting as a legitimate user.
Okta suffered a third-party breach. On March 22, 2022, Lapsus$ leaked screenshots of alleged Okta customer data. In January 2022, Okta had detected an unsuccessful attempt to compromise the account of a third-party customer support engineer working for Sitel. This, it appears, is when the Lapsus$ attack occurred. Okta immediately shared suspicious IP addresses with a third-party forensics firm.
Lapsus$ seems to have acquired “superuser/admin” access to Okta.com and subsequently accessed Okta customer data. The group’s stated intent is not to target Okta specifically, but to compromise customers using Okta as a third party.
According to Okta, there was a five-day window, January 16-21, 2022, during which an attacker had access to a support engineer’s laptop. Okta also stated that the potential damage to its customers is limited to the access its third-party support engineers have. These employees supposedly do not hold customer databases. They do, however, manage Jira tickets with limited lists of users. Furthermore, as a sub-processor, they likely had high privileges on Okta customer accounts.
Moreover, the actions Lapsus$ was able to execute include resetting customer passwords and potentially changing the email address linked to an account, locking the customer out with devastating effects. The bottom line is that Okta suffered a third-party breach and, as a third party to so many companies, caused a massive third-party breach of its own.
Any customers using Okta services and any organization whose third parties use Okta as an IdP may be compromised. Okta believes approximately 2.5% of their customers have been impacted, including having their data compromised. They have identified those customers and are contacting them.
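One way to check your own tenant for the two actions described above during the January 16-21, 2022 window is to filter an exported System Log for password resets and email changes that one account performed on another. This is an added example, not code from Okta or Panorays. It assumes records shaped like Okta System Log JSON (`published`, `eventType`, `actor`, `target`), treats the window as UTC, and the event type names and sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Window the article cites: January 16-21, 2022 (treated here as UTC, inclusive).
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 22, tzinfo=timezone.utc)  # exclusive upper bound

# Assumed event type names for the two actions the article describes;
# confirm them against your own tenant's System Log before relying on them.
WATCHED = {
    "user.account.reset_password": "password reset",
    "user.account.update_primary_email": "email change",
}

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2022-01-18T09:14:03.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def suspicious_events(events):
    """Return watched events inside the window that one account performed on another."""
    hits = []
    for ev in events:
        label = WATCHED.get(ev.get("eventType"))
        if label is None:
            continue
        when = parse_ts(ev["published"])
        if not (WINDOW_START <= when < WINDOW_END):
            continue
        actor = (ev.get("actor") or {}).get("alternateId", "unknown")
        for t in ev.get("target") or []:
            target = t.get("alternateId")
            # Self-service changes are expected; changes made by someone else need review.
            if t.get("type") == "User" and target != actor:
                hits.append({"time": ev["published"], "action": label, "actor": actor, "target": target})
    return sorted(hits, key=lambda h: h["time"])

# Constructed sample records, not real log data.
SAMPLE = json.loads("""[
 {"published": "2022-01-18T09:14:03.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "support@vendor.example"}, "target": [{"type": "User", "alternateId": "alice@corp.example"}]},
 {"published": "2022-01-19T11:02:40.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "bob@corp.example"}, "target": [{"type": "User", "alternateId": "bob@corp.example"}]},
 {"published": "2022-01-20T16:45:10.000Z", "eventType": "user.account.update_primary_email", "actor": {"alternateId": "support@vendor.example"}, "target": [{"type": "User", "alternateId": "carol@corp.example"}]},
 {"published": "2022-02-02T08:00:00.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "support@vendor.example"}, "target": [{"type": "User", "alternateId": "dave@corp.example"}]},
 {"published": "2022-01-18T09:00:00.000Z", "eventType": "user.session.start", "actor": {"alternateId": "alice@corp.example"}, "target": []}
]""")

if __name__ == "__main__":
    for hit in suspicious_events(SAMPLE):
        print(f'{hit["time"]}  {hit["action"]:<14}  {hit["actor"]} -> {hit["target"]}')
```

Any hit is a lead for review against known help-desk tickets rather than proof of compromise.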
Panorays’ third-party security management platform automatically identifies your third parties as well as their vendors (your fourth parties), giving you clear insight into their security posture.