MC: Yeah. Like, we don't even call it Okta. We just call it Single Sign-On because that's the way it works for us.
MC: So how many companies are on Okta? Like, how many companies use it?
LN: Okta says it has more than 14,000 customers. So a lot of people, a lot of organizations, a lot of layers of dependency on this. It's all hinging on this one point.
MC: And now, please tell us what was the hack? What did Lapsus$ do to Okta?
LN: So what actually happened isn't only a direct hack of Okta. Like many companies, Okta works with a number of partners to help manage its business, like process data, their contractors basically, and Okta calls them subprocessors. But because a company like Okta is so critical, and it's dealing with such sensitive information—it's such a sensitive mechanism is what I'm trying to say—they don't have a lot of subprocessors. It's only a couple dozen, and they're all sort of big names—AWS, things like that—who they're working with. But one of them is actually the organization that was first compromised to get to a privileged Okta account. So it's sort of like a two-step process to get there. And that organization is called Sitel, and particularly a division that Sitel acquired, called Sykes.
So the hackers targeted an employee within Sykes Sitel who had privileged access to do customer service and deal with Okta clients and data. And they compromised that account. And in doing so, that means even though a trove of passwords wasn't directly compromised, you're getting a lot of privileges, right? A lot of power from that account, because, for example, that account was empowered to reset passwords and reset multifactor authentication. So even though you didn't know what the old password was necessarily, and they're not just accessing like a plaintext list of everybody's password at 14,000 companies or something like that, the account was giving the attackers the means to say, "OK, well, I don't care, because I'm just going to set a new password, and I'm going to remove this multifactor authentication and set my own multifactor authentication" or whatever it is.
And so that's the danger, and why this was such a huge revelation, because as we'll talk about, Lapsus$ has also compromised a lot of other big companies. Okta and Sitel are not alone, but there's sort of this added significance and this added potential risk for Sitel and Okta because of Okta's position within so many other companies.
MC: Yeah. Can you tell us more about Lapsus$? How long have they been around, and how did they come to our attention?
LN: The group is very interesting. They have a very chaotic energy. They emerged at least in the form that we now know them in December. And in just a few months, they've just been on this rampage, this tear, and ramping up the size and significance of the organizations they're targeting. So they started out targeting like media companies, some ecommerce sites—big companies in themselves, it's not to diminish it. Some in South America, some in the UK, a little bit across Europe, but then just sort of took a big leap at some point to start grabbing data from companies like Nvidia and Samsung, and obviously it's kept escalating to Okta. But also the same day that they announced or sort of leaked screenshots indicating that they had this sort of compromise of Okta, they also started dumping source code stolen from Microsoft related to Bing, Bing Maps, and Cortana.