This morning several reports stated that Lapsus$ breached Okta services. The breach has not been confirmed. Lapsus$ shared screenshots showing a January date, indicating the breach could have occurred in the preceding months. Okta states the threat was immediately contained and there is no evidence of malicious activity.
Lapsus$, a unique threat actor, focuses on data exfiltration and extortion and have claimed responsibility for several other high-profile incidents including leaking source code. They claim to be focused solely on financial gain and do not claim political affiliation. To date they have not deployed encryption software.
What you should do
We recommend several precautions if you use Okta in your environment:
- Contact Okta to determine if there is more information or recommended actions.
- Change passwords for key accounts (e.g. executives).
- Consider implementing increased security in e-mail to combat phishing attacks.
While Okta has not confirmed the data breach, MTR is monitoring the situation thoroughly. MTR will release broadcasts as information becomes available.
SpartanTec, Inc. is vigilant about staying on top of possible threats that could affect your business. Call us today if you have any doubt about the security of your network.
References
REUTERS – Report on Okta Breach
VERGE – Report on Okta Breach
https://www.theverge.com/2022/3/22/22990637/okta-breach-single-sign-on-lapsus-hacker-group
BLEEPING COMPUTER – Background on Lapsus$
TWITTER – Statement from Todd McKinnon, CEO of Okta
https://twitter.com/toddmckinnon/status/1506184721922859010
SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/