A recent attack against authentication firm Okta has exposed a huge issue in tech security due to the nature of the attack and how threat actors achieved initial access. Okta was working with customer-support service Skyes, a subsidiary of Sitel Group. Sitel Group is one of the world’s largest call-center providers, making it an attractive partner to large companies such as Amazon and Cisco. Skyes customer-support employees require the ability to access data pertaining to clients. This access is highly attractive to hackers, leading Lapsus$ to launch an attack during which it was able to takeover an account belonging to a Skyes employee. At the time, the employee was providing customer service to Okta users.
Okta is supposed to offer tighter security with services such as a one-time code to authenticate users and allow access to accounts. However, this type of attack proves that no matter how strong the security efforts, attackers are stealthy and find alternative methods of obtaining data without attacking the company itself. Leveraging the compromised account, Lapsus$ was able to view the data of 2.5% of Okta’s customers, including Cloudflare. Hackers could reset passwords and harvest customer information. The breach likely occurred in January, when SitelGroup warned Okta of a potential attack.
Read More: Okta Hack Exposes A Huge Hole In Tech Giant Security
