
Okta Hack? Customers Scramble as Okta Tries to Clarify Breach


Independent security researcher Bill Demirkapi said: “In Okta’s statement, they say they were not breached and the attacker’s attempt was ‘unsuccessful’, but they openly admit that the attackers had access to customer data. could have access to confidential customer data, why they never informed any of their customers?”

In fact, breaching third-party service providers is an established attack path for ultimately compromising the primary target, and Okta itself seems to have carefully limited its circle of “sub-processors.” A list of these affiliates from January 2021 shows 11 regional partners and 10 sub-processors. The second group consists of well-known entities like Amazon Web Services and Salesforce. Screenshots indicate that Sykes Enterprises, which has a group located in Costa Rica, may be an affiliate through which the admin accounts of Okta employees may have been compromised.

Sykes, owned by business services outsourcing company Sitel Group, said in a statement, first reported by Forbes, that it had been hacked in January.

“Following a security breach in January 2022 that affected parts of the Sykes network, we acted quickly to contain the incident and protect any customers who may have been affected,” the company said in a statement. “As a result of the investigation, along with our ongoing assessment of external threats, we believe there is no longer a security risk.”

Sykes’ statement went on to say that the company “cannot comment on our relationship with any particular brand or the nature of the services we provide to our customers”.

On its Telegram channel, Lapsus$ posted a detailed (and often self-congratulatory) rebuttal to Okta’s claim.

“The potential impact on Okta customers is UNLIMITED, I’m pretty sure about password resets and [multifactor authentication] will lead to the complete compromise of many customer systems,” the team wrote. “If you are committed [sic] for transparency, how about you hire a company like Mandiant and PUBLISH their report?”

However, for many Okta customers struggling to understand how likely they are to be affected by the incident, none of this makes clear the full scope of the situation.

“If an Okta support engineer was able to reset passwords and multi-factor authentication for a user, this could pose a real risk to Okta customers,” said Red Canary’s McCammon. “Okta customers are trying to gauge their risk and potential exposure, and the industry as a whole is looking at this through the lens of readiness. If or when something similar happens to another identity provider, what are our expectations for proactive notification and how should our response evolve?”

Clarity from Okta will be especially valuable in this situation, because Lapsus$’s motive is still unclear.

“Lapsus$ has expanded their targeting beyond specific verticals or specific countries or regions,” said Pratik Savla, a senior security engineer at security firm Venafi. “This makes it difficult for analysts to predict which companies are most at-risk next. It’s likely a deliberate move to keep people guessing, because these tactics have served the attackers well so far.”

As the security community scrambles to get a handle on the Okta situation, Lapsus$ could have even more revelations to come.

