As Lapsus$ Comes Back From ‘Holiday’, Sitel Clarifies Position on Data Breach

Sitel has released an update on a recent security incident involving hacking group Lapsus$ and Okta.

After the distribution of screenshots by the Lapsus$ group on March 22, which appeared to show unauthorized access to Okta accounts and potentially privileged information, Okta launched an investigation. Sitel, a sub-processor of Okta, was named as the third party responsible for the security breach.


Okta says Lapsus$ affected up to 366 customers in January 2022. For five days, Lapsus$ had access to a Superuser/Admin account allegedly owned by a Sitel customer support engineer. Okta has since said that the company “made a mistake” by not informing customers earlier.

“Sitel is our service provider for which we are ultimately responsible. In January, we didn’t know the magnitude of the Sitel problem — just that we discovered and prevented an account takeover attempt and that Sitel engaged a third-party forensics company to investigate.”

On March 29, Sitel released a statement about the cyberattack, without previously saying that an investigation was underway. Sitel says it is “cooperating with law enforcement on this ongoing investigation and is unable to comment publicly on some details of the incident.”

However, the company has said the incident was only related to the “legacy Sykes network”.

Documents obtained by cybersecurity researcher Bill Demirkapi and viewed by TechCrunch, including a forensic report from Mandiant, suggest attackers had access to a spreadsheet of passwords for domain administrator accounts. Sitel claims the document “listed legacy Sykes account names, but did not include passwords,” but gave no further details.

“The Sitel Group Security team believes there is no longer a security risk related to this incident,” Sitel added. “Even after the completion of the initial study, Sitel Group will continue to work with our cybersecurity partner to assess potential security risks to both the Sitel Group infrastructure and the brands Sitel Group supports around the world.”

After taking a “vacation”, Lapsus$ has started publishing new content on the hacking group’s Telegram chat.

On March 30, Lapsus$ claimed it had compromised Globant, a software development company headquartered in Buenos Aires, Argentina. The threat actors claim that they managed to steal the client’s source code and published a 70GB torrent file.


ZDNet has contacted Globant and will update when we hear back.
