Okta now says: Lapsus$ may in fact have accessed customer info
2022-03-23 04:14

Identity management as-a-service platform Okta says the Lapsus$ extortion gang may in fact have managed to see some of its customers' data, and Microsoft has admitted the crew got its grubby paws on some source code.

Okta claims to have more than 15,000 customers, so if 2.5 per cent have been compromised that could be 375 organisations that now need to determine if all logons to their preferred clouds - and the actions taken by authenticated users - were legitimate and/or innocuous.

A single laptop and 375 customers aren't enormous numbers, but Okta customers like Amazon.com, Apple, Microsoft, NTT, and McKesson employ tens or even hundreds of thousands of people.

Microsoft, thankfully, has revealed that while Lapsus$ did indeed manage to see some of its source code - as the gang claimed earlier this week - just one Microsoft account was compromised, and that one offered "limited access" to source code.

In Microsoft's estimation, the gang uses "phone-based social engineering: SIM-swapping to facilitate account takeover, accessing personal email accounts of employees at target organizations, paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication approval; and intruding in the ongoing crisis-communication calls of their targets." Lapsus$ also advertises for staff and offers to pay insiders who leak credentials or otherwise facilitate attacks.

Microsoft's own Azure Active Directory is also on the Lapsus$ hit list - along with Okta.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/23/olkta_microsoft_lapsus/