On January 20, 2022, hackers from the Lapsus$ group compromised Okta’s systems through a laptop used by an engineer at Okta’s service provider Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data. Okta discovered the data security breach on January 21, 2022, but only disclosed the incident publicly in March 2022, after the Lapsus$ group itself publicised the attack.
What is the Okta data breach?
The Okta data breach is a cyberattack that took place on January 20, 2022, in which hackers from the Lapsus$ group compromised Okta’s systems through a laptop used by an engineer of Okta’s service provider Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data. Okta confirmed that the data breach was discovered on January 21, 2022, and that 366 of its corporate customers were affected by the breach (or about 2.5% of its customer base).
What are Okta, Sitel, and the Lapsus$ hackers group?
Okta is a San Francisco-based company that provides identity and access management solutions. Its systems were attacked by the Lapsus$ group.
Sitel is a customer service company. It was Okta’s third-party service provider. Lapsus$ hackers attacked Okta’s systems through the laptop of a Sitel engineer.
The Lapsus$ group
Lapsus$ is a hacking group that compromised Okta’s systems through a laptop used by an engineer of Sitel. The cyberattack allowed the hackers to gain access to Okta’s customer data.
How did the attackers get initial access?
Based on the conclusions of a cybersecurity forensics investigation, on January 20, 2022, hackers from the Lapsus$ group gained unauthorized remote access to a workstation belonging to a Sitel support engineer.
What was the impact of the attack?
Before the forensics investigation, Okta believed the data breach had lasted five days, potentially putting the data of 366 of its customers at risk, but the investigation concluded that the attack actually lasted 5 minutes and that the data of only two customers had been viewed by the attacker.
What actions could help prevent such a breach?
Perform regular penetration testing
Provide employee cybersecurity training
Provide employees with cybersecurity awareness and phishing training so they can recognize potential risks and know how to protect their data.
Use strong passwords and two-factor authentication
Using strong passwords and two-factor authentication can help system users protect their accounts from being compromised by hackers.
Apply the ‘least privilege’ access principle
The ‘least privilege’ access principle is the practice of granting users the minimum level of access necessary to perform their job. This can help prevent unauthorized access to sensitive data.
Monitor activity logs
Monitoring activity logs can help identify suspicious activity that may indicate a potential security breach.
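As an added example (not from the original article or from Okta), the following script applies the two preceding recommendations to a constructed audit log: it checks third-party support activity against a least-privilege scope and flags an account that fans out across several customer tenants within a five-minute window. Field names, actor names and the scope table are assumptions for the example, not Okta's real log schema.

```python
import json
from datetime import datetime, timedelta

# Constructed audit events (JSON lines), loosely modelled on an identity
# provider's system log. Field names and values are assumptions.
SAMPLE_LOG = """
{"ts": "2022-01-20T21:40:00Z", "actor": "eng1@vendor.example", "actor_type": "third_party_support", "action": "customer_tenant.view", "tenant": "customer-a"}
{"ts": "2022-01-20T21:41:10Z", "actor": "eng1@vendor.example", "actor_type": "third_party_support", "action": "customer_tenant.view", "tenant": "customer-b"}
{"ts": "2022-01-20T21:43:30Z", "actor": "eng1@vendor.example", "actor_type": "third_party_support", "action": "customer_tenant.view", "tenant": "customer-c"}
{"ts": "2022-01-20T22:10:00Z", "actor": "admin@corp.example", "actor_type": "employee", "action": "customer_tenant.view", "tenant": "customer-b"}
"""

# Least-privilege scope (constructed): the customer tenants each third-party
# support account is currently entitled to touch, e.g. from its open tickets.
SUPPORT_SCOPE = {"eng1@vendor.example": {"customer-a"}}


def parse_events(text):
    """Parse a JSON-lines audit log into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_suspicious(events, scope, window=timedelta(minutes=5), max_tenants=1):
    """Return alerts for third-party support accounts that (a) view a tenant
    outside their entitled scope or (b) touch more distinct tenants than
    expected inside one short sliding window."""
    alerts = []
    recent_by_actor = {}  # actor -> list of (ts, tenant) inside the window
    for ev in events:
        if ev.get("actor_type") != "third_party_support":
            continue  # employees are governed by other controls; not in scope here
        if ev["action"] != "customer_tenant.view":
            continue
        if ev["tenant"] not in scope.get(ev["actor"], set()):
            alerts.append(("out_of_scope", ev["actor"], ev["tenant"]))
        recent = recent_by_actor.setdefault(ev["actor"], [])
        recent.append((ev["ts"], ev["tenant"]))
        recent[:] = [(t, n) for t, n in recent if ev["ts"] - t <= window]
        distinct = {n for _, n in recent}
        if len(distinct) > max_tenants:
            alerts.append(("tenant_fanout", ev["actor"], len(distinct)))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_events(SAMPLE_LOG), SUPPORT_SCOPE):
        print(alert)
```

On the constructed log the support account triggers two out-of-scope alerts (customer-b, customer-c) and fan-out alerts as the distinct-tenant count climbs to 3 within the window, while the employee event produces none.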
Request SOC2 compliance from service providers
In an increasingly complex environment with third-party service providers, such as cloud providers, organizations should require their providers to achieve SOC2 compliance (Service Organization Controls), an essential framework for managing cybersecurity threats in any organization.
Preventing Data Breaches
The Okta data breach is a reminder of the importance of cybersecurity prevention and readiness, as well as the need for transparency and timely communication with stakeholders when a data breach occurs. Cybersecurity prevention starts with awareness and training, but it also requires regular testing of your systems and SOC compliance from your third-party service providers.
Need help securing your sensitive data from breaches? Contact our experts to learn how.