Lapsus$ Breach Significantly Smaller Than Expected, Okta

Okta said the Lapsus breach that happened in January, was significantly smaller than expected. This was confirmed after a series of investigations.

According to Okta’s Chief Security Officer David Bradbury, the final forensic report showed that the attacker only accessed two active customers after the attacker had gained control of a single workstation used by an engineer working for Sitel.

Bradbury explained that “the threat actor was unable to successfully perform any configuration changes, MFA or password resets or customer support ‘impersonation’ events.”

Okta has ended its relationship with Sitel. Okta now directly manages all third-party devices with access to its customer support tools.

Bradbury said the company will instruct its service providers to meet the new security requirements, including the introduction of the Zero Trust security architecture and authentication via Okta’s IDAM solution for all workplace apps.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web