There's been another development in the Lapsus$ saga

The identity management software firm Okta has admitted that it made a mistake in the way in which it handled an attack on one of its suppliers by the data extortion hacking group Lapsus$.

In a recently published FAQ, the company provided a full timeline of the incident beginning on January 20 when it first learned that “a new factor was added to a Sitel employee’s Okta account from a new location”. For those unfamiliar, Okta uses Sitel to provide some customer support services to its users.

While the attempt to add a new factor was unsuccessful, Okta still went ahead and reset the account in question and notified Sitel regarding the matter by sharing “indicators of compromise” with the company. From here, Sitel informed Okta that it had “retained outside support from a leading forensic firm”.

According to Okta, the company's mistake involved believing that Sitel had shared all of the information it had on the incident and letting Sitel's forensic firm carry out its own investigation. Instead, Okta should have pressed Sitel for more information, since Sitel is its service provider and Okta is ultimately responsible for it.

Investigation results

The forensics firm hired by Sitel delivered its report to the customer support company on March 10, but it wasn't until a week later, on March 17, that Okta received a summary report about the incident from Sitel.

A few days later though, Lapsus$ published screenshots on its Telegram channel claiming that they depicted Okta’s company environment, including internal tickets and in-house Slack chats. It was on this same day that Okta finally received the full report commissioned by Sitel which concluded that there was a “five-day period between January 16-21, where an attacker had access to Sitel”.

Okta provided further details on the incident itself and how it would respond now with all of the information in hand in its FAQ, saying:

“In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today.”

While Okta says that it is confident that its own service has not been breached, the Lapsus$ group is likely gearing up to hit another big-name target soon, despite the fact that seven of its potential operatives were recently arrested in London.

Via The Register

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
