Okta Data Breach Overview

On January 20, 2022, hackers from the Lapsus$ group compromised Okta’s systems through a laptop used by an engineer of Okta’s service provider Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data. Okta discovered the breach on January 21, 2022, but publicly disclosed the incident only in March 2022, after the hackers themselves, the Lapsus$ group, had publicly disclosed the attack.

What is the Okta data breach?

The Okta data breach is a cyberattack that took place on January 20, 2022, in which hackers from the Lapsus$ group compromised Okta’s systems through a laptop used by an engineer of Okta’s service provider Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data. Okta confirmed that the data breach was discovered on January 21, 2022, and that 366 of its corporate customers were affected by the breach (or about 2.5% of its customer base).

What are Okta, Sitel, and the Lapsus$ hackers group?

Okta

Okta is a San Francisco-based company that provides identity and access management solutions. Its systems were attacked by the Lapsus$ group.

Sitel

Sitel is a customer service company. It was Okta’s third-party service provider. Lapsus$ hackers attacked Okta’s systems through the laptop of a Sitel engineer.

The Lapsus$ group

Lapsus$ is a hacking group that compromised Okta’s systems through a laptop used by an engineer of Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data.

How did the attackers get initial access?

Based on the conclusions of a cybersecurity forensics investigation, on January 20, 2022, hackers from the Lapsus$ group gained unauthorized remote access to a workstation belonging to a Sitel support engineer.

What was the impact of the attack?

Before the forensics investigation, Okta believed the data breach had lasted five days, potentially putting the data of 366 of its customers at risk, but the investigation concluded that the attack actually lasted 5 minutes and that the data of only two customers had been viewed by the attacker.

What actions could help prevent such a breach?

Perform regular penetration testing

Ensure the network security of your systems through regular penetration testing, which will help identify and fix their potential vulnerabilities before they can be exploited by hackers.

Provide employee cybersecurity training

Provide employees with cybersecurity awareness and phishing training so they are aware of potential risks and know how to protect their data.

Use strong passwords and two-factor authentication

Using strong passwords and two-factor authentication can help system users protect their accounts from being compromised by hackers.

Apply the ‘least privilege’ access principle

The ‘least privilege’ access principle is the practice of granting users the minimum level of access necessary to perform their job. This can help prevent unauthorized access to sensitive data.

Monitor activity logs

Monitoring activity logs can help identify suspicious activity that may indicate a potential security breach.

Request SOC2 compliance from service providers

In an increasingly complex environment with third-party service providers, like cloud providers, organizations need to ask their providers to achieve SOC2 (Service Organization Controls) compliance, which is an essential framework for the management of cybersecurity threats in any organization.

Preventing Data Breaches

The Okta data breach is a reminder of the importance of cybersecurity prevention and readiness, as well as the need for transparency and timely communications with stakeholders when a data breach occurs. Cybersecurity prevention starts with awareness and training but also with regular testing of your systems and SOC compliance of your third-party service providers.
