Vyolasyon Sekirite OKTA 2022
Anpil gwo kliyan antrepriz te laperèz pou yo aprann vyolasyon sekirite Okta ki sot pase a.
Okta di 366 kliyan antrepriz, oswa sou 2.5% nan baz kliyan li yo, yo te afekte pa yon vyolasyon sekirite ki pèmèt entru jwenn aksè nan rezo entèn konpayi an.
The authentication giant admitted the compromise after the Lapsus$ hacking and extortion group posted screenshots of Okta’s apps and systems on Monday, kèk de mwa apre entru yo premye te vin jwenn aksè nan rezo li yo.
Okòmansman, vyolasyon an te blame sou yon sous-proseseur san non ki bay sèvis sipò kliyan bay Okta. Nan yon deklarasyon ajou Mekredi, Ofisye anchèf sekirite Okta a, David Bradbury, konfime subprocessor a se yon konpayi ki rele Sykes, ki ane pase a te akeri pa jeyan sant kontak ki baze nan Miami Sitel.
Okta admèt li “te fè yon erè” pa di kliyan pi bonè sou yon vyolasyon sekirite nan mwa janvye, in which hackers were able to access the laptop of a third-party customer support engineer.
The Lapsus$ hacking group published screenshots of Okta’s systems on March 22, taken from the laptop of a Sitel customer support engineer, which the hackers had remote access to on January 20.
“We want to acknowledge that we made a mistake. Sitel is our service provider for which we are ultimately responsible. In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers
Kite yon Reply