Okta has concluded its investigation into last January’s hacking attack. The investigation shows that an unauthorized person had access to the company’s server for a total of 25 minutes. In that window he had access to the data of two customers. The perpetrator was unable to access other customers’ data or change passwords.
Okta reports this in an update about the hack attack.
Not 366 customers, but only two customers affected by hack attack
In March, the authentication software company reported that on January 21, a hacker gained access to Okta’s server through the network of Sitel, a third-party company that handles Okta’s customer service. Initially, it was assumed that at least 366 customers were victims of the hack attack.
Okta is now adjusting that number downwards. The investigation into the unauthorized access has been completed. It shows that the attacker was able to gain access to one Okta workstation for a short time via the account of an engineer who works at Sitel. He was able to view customer information undisturbed for 25 minutes via a SuperUser application.
During this time, the perpetrator saw data from two customers, Okta reports. The person in question did not make any settings changes, reset multi-factor authentication (MFA) or passwords, or impersonate a customer service representative. Thus, the attacker could not access data from other customers.
Okta promises to do better
In a press release, Okta says it’s important to restore customer confidence in the company’s ecosystem. “The conclusions of the final forensic report do not affect our determination to take corrective actions designed to prevent similar events and improve our ability to respond to security incidents,” Okta said.
The authentication software developer promises to discuss its security processes internally and come up with a new way to roll out updates faster. “We will continue to work on assessing potential risks and, if necessary, communicate with our customers as soon as possible.”
Okta takes these security measures
Okta has already cancelled its partnership with Sitel and its parent company Sykes. From now on Okta requires suppliers to work according to the Zero Trust principle. The basic idea of Zero Trust is never trust, always verify. Instead of a security architecture that concentrates on protecting the outer perimeter, the large corporate network is divided into small, secure networks or implicit trust zones. Segmenting the network in this way gives more control through authentication and monitoring.
In addition, Okta will immediately monitor all third-party devices that access the company’s customer support tools. Okta also wants to reduce response times so that it can respond more effectively to security incidents. Finally, the company is setting up new systems to communicate more quickly with customers in the event of a security incident.
LAPSUS$ to blame for hacking attack on Okta
Okta does not know who is behind the hack attack. Cybersecurity experts believe LAPSUS$ is responsible, a hacker group that is active internationally. In recent weeks, the group has claimed multiple victims, including NVIDIA, Samsung and Microsoft.
The group, also known as DEV-0537, is said to have stolen hundreds of gigabytes of confidential data. In the case of Microsoft, the attackers would have stolen parts of the source code of search engine Bing, speech assistant Cortana and navigation program Bing Maps.
British police arrested seven teenagers at the end of March who may have links to the hacker group. A sixteen-year-old boy is said to be the mastermind of the attacks. He and his co-defendants are still in pre-trial detention.