Okta Co-Founder and CEO Todd McKinnon aims to restore trust after the Lapsus$ hack. Disclosure of the data breach took months, and in the end it was the hacker group Lapsus$ that made it public. Only after that did Okta admit the successful attack. That is what Todd McKinnon said in an interview on the “Protocol” portal.
In January, the hacking group Lapsus$ found its way onto the laptop of a technician at a third-party Okta support organization. This was initially believed to have given the group access to potentially hundreds of Okta customers. A later investigation that included additional information found only two customers were affected, according to Okta.
According to Okta, only two customers were affected
But the data breach itself was never the main concern anyway. Many emphasized the fact that it was Lapsus$ and not Okta who told the world about the incident, posting screenshots as evidence on Telegram in March. This raised more than a few questions for Okta about how it handled a breach it had known about for months.
The irony is that Okta, as a prominent identity and access management provider, is in business to stop the kind of attack that hit its former support provider, Sitel. McKinnon said the firm did not use the Okta product or multifactor authentication on the compromised engineer's VPN and Office 365 accounts. This left them vulnerable to attack.
The attack and the process
Okta has put a lot of effort into ensuring that the Okta product and platform are secure, and that Okta employees work in safe environments. The external support organization was in a different ring, outside of that. Okta says self-critically that it should have checked that this access was secure.
Okta has since ended its business relationship with support provider Sitel. As part of its review, Okta engaged a forensic firm to conduct a full assessment of the security breach. From this it became clear that the attacker originally got in through a VPN gateway that did not have multi-factor authentication. After that, Lapsus$ stepped in and exploited a number of Windows vulnerabilities to move around and escalate privileges. They were also able to get into Office 365, because again it didn't have multi-factor authentication.
The full interview with additional statements from Todd McKinnon, co-founder and CEO of Okta is available on the Protocol portal.
Kaspersky has already analyzed the attack further.
More at Protocol.com