Okta’s chief security officer said the impact of the hack was ‘significantly less’ than the maximum potential impact the company shared last month.
Okta said its investigation into a January data breach shows hackers gained control of a workstation for 25 minutes, during which time they accessed two customer accounts.
The tech company began the investigation after hacker group Lapsus$ shared screenshots on 21 March suggesting the group gained access to Okta customer accounts in a breach. The company said it looked at a five-day window in January, with the maximum impact being 366 affected customers.
In a report shared yesterday (19 April), Okta chief security officer David Bradbury confirmed that a threat actor actively controlled a single workstation used by a Sitel support engineer on 21 January, which gave access to Okta resources.
Bradbury said two active customer tenants were accessed during this time within the SuperUser application. He added that the hacker was also able to view “limited additional data” in certain applications like Slack and Jira.
Okta has not named the two customers impacted but said they have been notified of the incident.
The access management software company has more than 15,000 customers, including DCC, Engie, ITV, Renault, Siemens, Plan International, Slack and Pret a Manger.
Based on the forensic report, Bradbury said the threat actor was unable to perform any configuration changes, password resets, or client support impersonation events.
“While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped, we recognise the wide toll this kind of compromise can take on our customers and their trust in Okta,” Bradbury said.
In a report last month that listed a timeline of events related to the hack, Bradbury revealed that he was “greatly disappointed” by Okta’s delay in getting an investigative report after the incident.
In the most recent update, Bradbury said Okta has terminated its relationship with Sitel as a result of the hack and is taking measures to improve its third-party risk management.
Lapsus$ is a relatively new hacker group but has made waves in recent months for claiming to be behind a string of high-profile hacks.
In February, chipmaker Nvidia suffered a cyberattack that was claimed by Lapsus$. The group said it had files on Nvidia GPU drivers, which could allow hackers to turn every Nvidia GPU into a bitcoin mining machine.
A week later, the group claimed that it leaked nearly 190GB of data from Samsung. Last month, it sent a smirking face emoji to a news link related to a Ubisoft hack, which may have been the group taking responsibility for that cyberattack.
Its most recent hacking claims were related to Okta and Microsoft, with both companies confirming data breaches on 22 March.
Towards the end of March, authorities in the UK said they arrested several people in connection with the cybercriminal gang, with a teenage boy in Oxford suspected of being one of the masterminds of the group.
According to an in-depth report into the group by investigative journalist Brian Krebs, at least one member of Lapsus$ may also have been involved in the cyberattack on game maker EA last year, which saw hackers making off with source code for some games.