Cloud software company Okta has confirmed that a cybersecurity incident that occurred in January had a much smaller impact than anticipated. The attackers were allegedly able to access the laptop of a third-party customer support engineer. The attack impacted just two other active customer tenants and lasted a total of 25 minutes, according to Okta’s investigation into the matter. The hacking group Lapsus$ is believed to be responsible for the attack, in which threat actors gained access to a laptop belonging to a Sitel customer support engineer.
The incident occurred on January 21 and was revealed on March 22, when Lapsus$ posted screenshots of Okta’s systems. The forensic investigation that followed reported that the hacking group had control of one single workstation, through which they accessed two active customer tenants and viewed information in applications such as Slack and Jira. Lapsus$ was unable to perform any configuration changes successfully, such as password resets or MFA.