Lapsus$ Breached Okta Using Spreadsheet Of Passwords

Lapsus$ was able to infiltrate Okta’s internal system after accessing a spreadsheet of passwords on compromised Sitel’s internal network.

Sitel discovered the security incident in its VPN gateways on a legacy network belonging to Sykes, a customer service company working for Okta and acquired by Sitel in 2021.

The attackers used remote access services and publicly accessible hacking tools to compromise and navigate through Sitel’s network.

After gaining deeper visibility into the network, the hackers were able to gain access to a spreadsheet on Sitel’s internal network called “DomAdmins-LastPass.xlsx.”

The spreadsheet file contained passwords for domain administrator accounts that were exported from a Sitel employee’s LastPass password manager.

The hackers created a new Sykes user account that gives them broad access to the organization and helps keep them within the system in case they were discovered and locked out.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web