Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the “highly constrained” compromise.
“On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer’ Okta account [from a new location],” Okta’s Chief Security Officer, David Bradbury, said in a statement. “This factor was a password.”
The disclosure comes after LAPSUS$ posted screenshots of Okta’s apps and systems earlier this week, about two months after the hackers gain access to the company’s internal network over a five-day period between January 16 and 21, 2022 using remote desktop protocol (RDP) until the MFA activity was detected and the account was suspended pending further probe.
Although the company initially attempted to downplay the incident, the LAPSUS$ group called out the San Francisco-based company for what it alleged were lies, stating “I’m STILL unsure how it’s a [sic] unsuccessful attempt? Logged in to [sic] the SuperUser portal with the ability to reset the Password and MFA of ~95% of clients isn’t successful?”
images from Hacker News