Okta Says It Goofed in Handling the Lapsus$ Attack

“We made a mistake,” Okta said, owning up to its responsibility for the security incident that hit one of its service providers and potentially its own customers.

On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack.

The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover (ATO) attempt on that provider’s systems, and that the attackers wouldn’t reach back through that foothold to Okta or its customers.

Wrong-o, it turned out: About a week ago, Lapsus$ bragged about having gotten itself “superuser/admin” access to Okta’s internal systems, gleefully posting proof and poking fun at Okta for its denials that the Jan. 20 attack had been successful.

Okta went on to discover that the attack had affected 2.5 percent, or 366, of its customers.

In an FAQ published on Friday, Okta offered a full timeline of the incident, which started on Jan. 20 when the company learned that “a new factor was added to a Sitel customer support engineer’s Okta account.”
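The signal Okta describes, a new MFA factor enrolled on a third-party support engineer’s account, is exactly the kind of event an identity team should alert on rather than discover in a post-incident timeline. The following is an added detection example, not code from Okta, Sitel or this article: it scans Okta System Log records (in the JSON-per-line form the System Log API returns) for successful factor activations and flags those that touch a privileged or vendor account, come from an untrusted network, are performed by a different principal than the account owner, or are followed shortly by a session from the same source address. The `user.mfa.factor.activate` event type is a real Okta event; the other two event types in `FACTOR_CHANGE_EVENTS`, the account names, IDs, addresses and the sample log itself are constructed for the example and should be checked against your own tenant.

```python
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# user.mfa.factor.activate is a documented Okta System Log event type.
# The other two are included as assumptions to widen the net; verify them
# against your tenant's event catalogue before relying on them.
FACTOR_CHANGE_EVENTS = {
    "user.mfa.factor.activate",
    "user.mfa.factor.update",
    "user.mfa.factor.reset_all",
}
SESSION_EVENT = "user.session.start"
CORRELATION_WINDOW = timedelta(minutes=60)

# Constructed sample System Log lines (invented IDs, names and addresses).
SAMPLE_LOG = """\
{"eventType":"user.mfa.factor.activate","published":"2022-01-20T09:12:04.000Z","outcome":{"result":"SUCCESS"},"actor":{"id":"00u1","type":"User","alternateId":"alice@corp.example"},"client":{"ipAddress":"10.20.30.40"},"target":[{"id":"00u1","type":"User","alternateId":"alice@corp.example"}]}
{"eventType":"user.mfa.factor.activate","published":"2022-01-20T23:47:19.000Z","outcome":{"result":"SUCCESS"},"actor":{"id":"00u7","type":"User","alternateId":"support.eng@vendor.example"},"client":{"ipAddress":"203.0.113.55"},"target":[{"id":"00u7","type":"User","alternateId":"support.eng@vendor.example"}]}
{"eventType":"user.session.start","published":"2022-01-20T23:48:02.000Z","outcome":{"result":"SUCCESS"},"actor":{"id":"00u7","type":"User","alternateId":"support.eng@vendor.example"},"client":{"ipAddress":"203.0.113.55"},"target":[]}
{"eventType":"user.mfa.factor.activate","published":"2022-01-21T08:00:00.000Z","outcome":{"result":"SUCCESS"},"actor":{"id":"00uA","type":"User","alternateId":"it.admin@corp.example"},"client":{"ipAddress":"10.20.30.41"},"target":[{"id":"00u2","type":"User","alternateId":"bob@corp.example"}]}
"""


def _ts(s):
    # Okta publishes timestamps as ISO-8601 with millisecond precision and a Z suffix.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")


def _parse(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def factor_change_alerts(log_text, privileged_accounts, trusted_networks):
    """Return one alert dict per suspicious factor enrollment/activation."""
    nets = [ip_network(n) for n in trusted_networks]
    events = _parse(log_text)
    # Index successful session starts by (user id, source IP) for correlation.
    sessions = {}
    for ev in events:
        if ev.get("eventType") == SESSION_EVENT and ev.get("outcome", {}).get("result") == "SUCCESS":
            key = (ev["actor"]["id"], ev.get("client", {}).get("ipAddress"))
            sessions.setdefault(key, []).append(_ts(ev["published"]))

    alerts = []
    for ev in events:
        if ev.get("eventType") not in FACTOR_CHANGE_EVENTS:
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue  # failed enrollments are noise for this rule
        actor = ev["actor"]
        # Assumption: the affected account appears as the User entry in target[];
        # when absent, the actor enrolled a factor on their own account.
        users = [t for t in ev.get("target", []) if t.get("type") == "User"]
        target = users[0] if users else actor
        ip = ev.get("client", {}).get("ipAddress")
        when = _ts(ev["published"])

        reasons = []
        if target["alternateId"] in privileged_accounts:
            reasons.append("privileged account")
        if ip is None or not any(ip_address(ip) in n for n in nets):
            reasons.append("untrusted source IP")
        if actor["id"] != target["id"]:
            reasons.append("factor added by another principal")
        # Attacker pattern: enroll a factor, then immediately use it to log in.
        follow_ups = sessions.get((target["id"], ip), [])
        if any(when <= s <= when + CORRELATION_WINDOW for s in follow_ups):
            reasons.append("new session from same IP within 60 min")

        if reasons:
            alerts.append({
                "published": ev["published"],
                "target": target["alternateId"],
                "actor": actor["alternateId"],
                "ip": ip,
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for a in factor_change_alerts(SAMPLE_LOG, {"support.eng@vendor.example"}, ["10.20.0.0/16"]):
        print(a)
```

On the sample log the rule stays silent for the employee who enrolls a factor from the corporate range, fires on the vendor support account enrolled from an unknown address and used to log in 43 seconds later, and fires again on an administrator adding a factor to someone else’s account, which is worth a look even when it is routine IT work.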

What Happened at Sitel

The target of the Jan. 20 attack was

Read More: https://threatpost.com/okta-goofed-lapsus-attack/179129/