
Okta: We made a mistake not admitting cyberattack

Okta admits it was ‘a mistake’ to delay disclosure of the Lapsus$ attack that took place in January

Posted 28 March 2022 by Christine Horton


Okta has admitted it made a mistake delaying the disclosure of a cyberattack by the Lapsus$ data extortion group that took place in January.

On Friday, Okta expressed regret for not disclosing details about the Lapsus$ hack sooner and shared a detailed timeline of the incident and its investigation.

“We want to acknowledge that we made a mistake,” said Okta.

It was reported last week that hundreds of organisations that rely on Okta to provide access to their networks may have been affected by the cyberattack. The attack originated at Sitel, Okta’s third-party provider of customer support services.

Then, Okta said the “worst case” was 366 of its clients had been affected and their “data may have been viewed or acted upon.”

The company has more than 15,000 clients, including FedEx, and smaller organisations such as Thanet District Council, in Kent.

However, its latest statement said: “On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer’s Okta account. This factor was a password.”

“Although that individual attempt was unsuccessful, out of an abundance of caution, we reset the account and notified Sitel” who further engaged a leading forensic firm to perform an investigation.

“I am greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report,” said David Bradbury, Okta’s chief security officer.

“Upon reflection, once we received the Sitel summary report we should have moved more swiftly to understand its implications.”

Okta claimed that in January it wasn’t aware of the extent of the incident, which it said it believed was limited to an unsuccessful account takeover attempt targeting a Sitel support engineer.

“At that time, we didn’t recognise that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today,” said Okta.

Criticism and arrests made

Last week, Tenable CEO Amit Yoran criticised Okta for not telling customers about the compromise sooner and wondered if Okta would have disclosed anything had screenshots not leaked.

“As a customer and as colleagues in the industry, we expect more, and as a market leader delivering critical capabilities, you should expect more of yourselves,” said Yoran. He said Okta customers should have been able to determine their exposure in January when the identity giant first spotted the compromise.

“Two months is too long,” said Yoran. “The compromise should have been disclosed when Okta detected it in January or after a competent and timely forensic analysis.”

Meanwhile, City of London Police said they have arrested seven people aged between 16 and 21 in relation to an investigation of the Lapsus$ hacking group.

In a statement issued to news agency Reuters, detective inspector Michael O’Sullivan said: “The City of London Police has been conducting an investigation with its partners into members of a hacking group.”
