OKTA Security Breach 2022
Many large corporate customers were horrified to learn of the recent Okta security breach.
Okta says 366 corporate customers, or about 2.5% of its customer base, ազդել են անվտանգության խախտման հետևանքով, որը թույլ է տվել հաքերներին մուտք գործել ընկերության ներքին ցանց.
The authentication giant admitted the compromise after the Lapsus$ hacking and extortion group posted screenshots of Okta’s apps and systems on Monday, մոտ երկու ամիս անց այն բանից հետո, երբ հաքերներն առաջին անգամ մուտք գործեցին իր ցանց.
Սկզբում խախտումը մեղադրվում էր անանուն ենթապրոցեսորի վրա, որը հաճախորդների աջակցության ծառայություններ է տրամադրում Okta-ին:. Ան–ում թարմացված հայտարարություն Չորեքշաբթի, Okta’s chief security officer David Bradbury confirmed the subprocessor is a company called Sykes, which last year was acquired by Miami-based contact center giant Sitel.
Okta has admitted it “made a mistake” by not telling customers sooner about a security breach in January, in which hackers were able to access the laptop of a third-party customer support engineer.
The Lapsus$ hacking group published screenshots of Okta’s systems on March 22, taken from the laptop of a Sitel customer support engineer, which the hackers had remote access to on January 20.
“We want to acknowledge that we made a mistake. Sitel is our service provider for which we are ultimately responsible. In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers
Թողնել պատասխան