Okta names Sitel in Lapsus$ security incident impacting up to 366 customers

Sitel has been named as the third party allegedly responsible for a recent security incident experienced by Okta.

In a briefing on Wednesday, David Bradbury, Chief Security Officer at Okta, told virtual attendees that the incident has been “an embarrassment for myself and the entire Okta team.”

Okta has become the subject of scrutiny following the leak of screenshots by the LAPSUS$ hacking group earlier this week. The images appeared to show that the attackers had obtained access to “Okta.com Superuser/Admin and various other systems.”

The identity and authentication services company said there was a five-day window in which the intrusion occurred.

“The report from the forensic firm highlighted that there was a five-day window of time between January 16 – 21, 2022, when the threat actor had access to the Sitel environment, which we validated with our own analysis,” the CSO said. 

According to Bradbury, a customer support engineer’s laptop was the source of the intrusion, and the device was “owned and managed by Sitel.” 

Sitel is one of Okta’s sub-processors. The executive said that the attackers used the Remote Desktop Protocol (RDP) to access the laptop:

“The scenario here is analogous to walking away from your computer at a

Read More: https://www.zdnet.com/article/okta-names-sitel-in-security-incident-potentially-impacting-hundreds-of-customers/#ftag=RSSbaffb68