Security News > 2022 > March > Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta

Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
2022-03-22 22:14

Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems.

The purported Okta screenshots included one that appears to show Okta's Slack channels and another with a Cloudflare interface.

In an accompanying message, the group said its focus was "ONLY on Okta customers."

On Tuesday, Okta Chief Security Officer Davis Bradbury made a number of claims In an updated statement that, within hours, Lapsus$ dismissed.

The Lapsus$ group's move on Okta makes it clear that these guys are more than simply the new kid on the block, according to security experts.

Jon Hencinski, director of global operations at Expel, told Threatpost that precautionary actions to take immediately include rotating privileged Okta passwords and Okta-generated tokens and reviewing Okta admin authentications and activity for the past four months.


News URL

https://threatpost.com/lapsus-data-kidnappers-claim-snatches-from-microsoft-okta/179041/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774
Okta 8 1 4 5 0 10