MC: Yeah. Like, we don't even call it Okta. We just call it Single Sign-On because that's the way it works for us.
MC: So how many companies are on Okta? Like, how many companies use it?
LN: Okta says they have more than 14,000 customers. So a lot of people, a lot of organizations, a lot of layers of dependency on this. It's all hinging on this one point.
MC: And now, please tell us, what was the hack? What did Lapsus$ do to Okta?
LN: Yeah. So what actually happened is not, as Okta would want you to know, simply a direct hack of Okta. Okta, like many companies, works with a lot of partners to help manage their business, like process data, their contractors basically, and Okta calls them sub-processors. But because a company like Okta is so essential and is dealing with such sensitive information, but more, it's such a sensitive mechanism is what I'm trying to say, they don't have a lot of sub-processors. It's only a couple dozen and they're all sort of big names, AWS, things like that, who they're working with. But one of them is actually the organization that was first compromised to get to, like, a privileged Okta account, right? So it's sort of like a two-step process to get there. And that organization is called Sitel, and notably a division that Sitel acquired called Sykes.
So the hackers targeted an employee within Sykes Sitel who had privileged access to do sort of customer service and deal with Okta clients and data. And they compromised that account. And so in doing so, right? That means even though, like, a trove of passwords wasn't directly compromised, you're getting a lot of privilege, right? A lot of power from that account, because for example, that account was empowered to reset passwords and reset multifactor authentication. So even though you didn't necessarily know what the old password was, and they're not just accessing, like, a plain-text list of everybody's password at 14,000 companies or something like that, the account was giving the attackers the ability to say, OK, well, I don't care, because I'm just going to set a new password and I'm going to remove this multifactor authentication and set my own multifactor authentication or whatever it is.
And so that's the danger and why this was such a big revelation, because as we'll talk about, Lapsus$ has also compromised a lot of other big companies, Okta and Sitel are not alone, but there's sort of this extra significance and this extra potential risk for Sitel and Okta because of Okta's position within so many other companies.
MC: Yeah. Can you tell us more about Lapsus$? How long have they been around and how did they come to our attention?
LN: The group is very interesting. They have a very chaotic energy. They emerged, at least in the form that we now know them, in December. And in just a few months, they've just been on this rampage, this tear, and ramping up and ramping up the size and sort of significance of the organizations they're targeting. So they started out targeting, like, media companies, some e-commerce sites, big companies in themselves, it's not to diminish it. Some in South America, some in the UK, a little bit across Europe, but then just sort of took a huge leap at some point to start grabbing data from companies like Nvidia, Samsung, and obviously it's kept escalating to Okta, but also the same day that they announced or sort of leaked screenshots indicating that they had this sort of compromise of Okta of some kind, they also started dumping source code stolen from Microsoft related to Bing, Bing Maps and Cortana.