According to screenshots supplied by BleepingComputer, Lapsus$ claims to have gained “superuser/admin” access to Okta and utilized it to gain access to Okta’s client data. Lapsus$ said it exclusively targeted Okta clients and that it didn’t access or steal any databases from the San Francisco-based identity and access management behemoth.
According to screenshots, Lapsus$ boasted on Telegram, “For a provider that runs authentication systems for many of the top organizations (and is FEDRAMP authorized), I think these security measures are very weak.”
The screenshots released by Lapsus$ are considered to be tied to an event from late January, according to Todd McKinnon, Co-Founder and CEO of Okta. There is no evidence of continued fraudulent attacks beyond what happened then. In pre-market trading, Okta’s stock fell $14.42 (8.51%) to $154.99 per share, the lowest since March 15.
McKinnon said on Twitter, “In late January 2022, Okta detected an attempt to hack the account of a third-party customer support engineer working for one of our subprocessors.”
According to Reuters, images provided to the Lapsus$ Telegram channel appear to show Okta’s internal tickets as well as its internal Slack discussion. The screenshots are credible, according to independent security expert Bill Demirkapi, who contacted the news agency.
Okta is the world’s largest pure-play identity security supplier, with sales of $1.3 billion in the fiscal year ending January 31, 2022, up 56% from $835.4 million the previous year. The company’s net loss in fiscal 2022 increased by 219% to $848.4 million, compared to $266.3 million the year before, owing mostly to the $6.5 billion acquisition of Auth0 in May 2021.
Two days before boasting about striking Okta, Lapsus$ announced on Telegram that it had hacked Microsoft Azure DevOps internal source code repositories. Images of access to Bing and Cortana-related projects were released by the ransomware operator on Telegram. Lapsus$ took down the post shortly after it went up, stating, “Deleted, for now, will repost later.”
According to the ransomware organization, Nvidia began a retaliatory hit against Lapsus$ in late February to prevent the distribution of the chipmaker’s stolen data. Threat actors allegedly obtained Nvidia’s network credentials and gained two-factor authentication capability and access to the company’s network through deceit, according to Nvidia. Following that, the actors posted some confidential Nvidia material on the internet.