Security News > 2022 > March > Okta: "We made a mistake" delaying the Lapsus$ hack disclosure
Okta has admitted that it made a mistake delaying the disclosure hack from the Lapsus$ data extortion group that took place in January.
Okta: "We made a mistake" over late breach disclosure.
On Friday, Okta expressed regret for not disclosing details about the Lapsus$ hack sooner and shared a detailed timeline of the incident and its investigation.
"On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account. This factor was a password," explains Okta.
"At that time, we didn't recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today," says Okta.
The application used by Sitel engineers is built with "Least privilege in mind" to ensure that support engineers have only the specific access they require to perform their roles, explains Okta.