Security News > 2022 > March > Okta Says It Goofed in Handling the Lapsus$ Attack
On Friday, Okta - the authentication firm-cum-Lapsus$-victim - admitted that it "Made a mistake" in handling the recently revealed Lapsus$ attack.
In an FAQ published on Friday, Okta offered a full timeline of the incident, which started on Jan. 20 when the company learned that "a new factor was added to a Sitel customer support engineer's Okta account."
Okta has referred to the company as Sitel - a third-party vendor that helps Okta out on the customer-support front - in its updates and FAQ. The threat actor failed in its attempt to add a new factor - a password - to one of Sitel's customer support engineer's Okta account.
Okta Security had received an alert that a new factor was added to a Sitel employee's Okta account from a new location and that the target didn't accept a multifactor authentication challenge, which Okta said blocked the intruder's access to the Okta account.
On the same day, Okta Security shared indicators of compromise with Sitel, which told Okta that it had retained outside support from "a leading forensic firm."
How Okta Screwed Up. As far as why Okta didn't notify customers when it learned of the ATO attack in January, it acknowledged on Friday that "We made a mistake."