Microsoft and Okta Confirm Data Breach Claims by LAPSUS$

Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Okta’s internal system and source code for Microsoft’s Cortana and Bing.

On Tuesday 22nd, Hackread.com reported that LAPSUS$ hackers were claiming to have hacked Microsoft Azure DevOps accounts and Okta Inc., an authentication and access management services provider. 

The latest update is that Okta and Microsoft have confirmed data breaches.

About Okta, Inc. Data Breach

To validate their claims, LAPSUS$ shared screenshots of Okta’s internal infrastructure, including its in-house Slack channels and Atlassian suite. Mocking the firm’s security measures, which LAPSUS$ regarded as “poor”, the hackers stated that they captured these screenshots after gaining access to Okta.com’s admin, superusers, and other systems. Okta, at that time, noted that it was investigating the incident.

Okta Confirms Security Breach

The company concluded that 2.5% of its customers or 375 organizations were affected by the LAPSUS$ gang’s cyberattack. Okta confirmed that the security incident occurred in January and that hackers compromised the laptop of one of its support engineers through which they could initiate a password reset for its customers.

The attackers maintained access to the laptop for at least 5 days between January 16-21, 2022, during which they accessed Okta’s

Read More: https://www.hackread.com/microsoft-and-okta-inc-confirm-lapsus-data-breach/