Okta: We made a mistake reporting a Lapsus$ infringement

Okta has admitted it “made a mistake” by failing to inform customers earlier about a security breach in January that allowed hackers to gain access to a remote customer service representative’s laptop.

The hacking group Lapsus$ released screenshots of Okta’s systems on March 22, taken from the laptop of a Sitel customer support technician that the hackers had remote access on January 20.

“We want to acknowledge that we made a mistake. Sitel is our service provider for which we are ultimately responsible. In January, we were unaware of the magnitude of the Sitel problem – only that we detected and prevented an account takeover attempt and that Sitel had an hired a third-party forensic firm to investigate. At the time, we didn’t know there was a risk to Okta and our customers. We should have more active and powerful intelligence from Sitel,” Okta said in a FAQ it published Friday under the ‘Why didn’t Okta inform customers in January?’

On Jan. 20, Okta said it saw an attempt to directly access the Okta network using a Sitel employee’s Okta account, which was detected and blocked by Okta, who then notified Sitel. Other than that attempted access, there was no other evidence of suspicious activity in Okta systems, it said.

Okta is a leading provider of enterprise access management software. It said only 366 customers, about 2.5% of its customers, were affected. However, there are questions as to why customers were not aware of the incident earlier.

In the FAQ, Okta said, “In light of the evidence we’ve gathered over the past week, it’s clear we would have made a different decision had we been in possession of all the facts we have today.”

The company has provided a detailed timeline of events from January 20 — when it received a warning that a new factor had been added to a Sitel employee’s Okta account — to March 22 — the date Lapsus$ published the screenshots taken.

Sitel hired an undisclosed forensics firm to investigate the January 21 breach, which it ended on February 28.

The forensic report to Sitel is dated March 10, and Okta received a summary of that report on March 17, according to Okta’s timeline.

After the screenshots were published, Okta’s chief of security, David Bradbury, said he was “deeply disappointed by the length of time that elapsed between our notification to Sitel and the publication of the full investigation report.”

Leave a Comment