Okta sought to assuage fears that it was affected by a major data breach earlier this year.
The identity management giant has revealed the final findings of its investigation into a January 2022 attack allegedly at the hands of the notorious Lapsus$ hacking group.
Hundreds of Okta's more than 150,000 customers, including some big corporate names, were thought to have been affected, but fortunately, the company now believes that was not the case.
Lapsus$ does not attack?
In a blog post announcing the findings, Okta Chief Security Officer David Bradbury highlighted that the incident was caused by the “compromise” of a third-party vendor, named simply as “third-party forensics company, contracted by our vendor Sitel.”
Bradbury notes that after thoroughly reviewing its reports and systems, Okta found that the hacker (who also remains unnamed and unattributed for now) was only able to actively control a single workstation for 25 consecutive minutes on January 21, 2022.
The blog goes on to note that this “threat actor” was able to access the details of two Okta customers through its SuperUser app, including viewing “limited additional information in some other apps such as Slack and Jira that cannot be used to perform actions in Okta Client Tenants.”
Okta says it notified both affected customers and carried out full investigations with them, but notes that the threat actor was unable to “perform configuration changes, MFA or password resets, or customer support ‘impersonation’ events” or “authenticate directly to any Okta accounts”.
“While the overall impact of the compromise was found to be significantly less than initially anticipated, we recognize the heavy toll this type of compromise can take on our customers and their trust in Okta,” concludes Bradbury.
He goes on to note that Okta will make a number of changes and improvements to its security practices going forward, including “reviewing our security processes and looking for new ways to accelerate third-party and internal updates for potential issues, big and small.”
The company says it will now also directly manage all third-party devices that access its customer support tools, providing greater oversight of network access, and will also adopt new systems that help it communicate more quickly with customers about security issues and availability.