Okta Breach

Okta Breach

Application Security Posture Management Author
Enso Security
March 23, 2022

Who is Lapsus$

Lapsus$ is an extortion gang that has recently been linked to cyber-attacks on several high-profile targets, such as Nvidia, Samsung, Ubisoft and others. The cyber gang is known for threatening the release of sensitive information if demands by its victims aren’t met. 

What we know

The situation is quickly evolving, but at the time of this blog (March 23, 1:00am EST) Okta has reported that up to 366 customers 'have potentially been impacted' by the hacker attack. Or as Okta's chief security officer David Bradbury announced, around 2.5 percent of the company's more than 15,000 customers "have potentially been impacted" and had their data possibly "viewed or acted upon." (source: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/)

According to Okta’s CEO Todd Mckinnon, this breach likely stems from an attack on a “third party customer support engineer” working with a subcontractor.  

Immediate course of action for Okta customers

It’s clear to us that this is a rapidly evolving situation with changing parameters, so in the meantime, 3 immediate steps for Okta users to take. 

  1. Be proactive. There are quick and easy proactive actions to take such as 1. Review your Okta users accounts for unfamiliar accounts or suspicious activity; 2. Make sure you enforce multi-factor authentication for all accounts. 3. Rollout of credentials for all high privilege Okta users.
  2. Break out the crisis response manual. This is the time to open your organization’s playbook for incident response, specifically for potential 3rd-party digital supply chain incidents. Get all stakeholders involved, and workshop the scenario ASAP. Let your customers know that you are investigating, and if there are any immediate corrective actions that need to be taken.
  3. Stay updated. As mentioned before this is a rapidly evolving situation as the investigation continues. It is important to stay updated with the Okta blog as this is your most reliable information from the source. 

If you have any questions, please feel free to reach out to us at Enso. We will continue to report on an immediate course of action for mitigation as the situation unfolds. 

Subscribe for updates

Don’t miss out
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share on

There’s more to see

Application Security Management
Special Report: AppSec Trends 2023
In a survey of over 40 security leaders, findings indicate that AppSec is a critical, top 3 priority for today's security decision-makers.
Read now
Application Security Management
Running a Marathon, Not a Sprint - The AppSec Posture Paradigm Shift
Are we on the verge of a monumental shift in how we approach AppSec? Enso's Head of Research explains in his latest blog.
Read now
Application Security Management
Enso Security Named Winner in the 12th Annual 2022 Business Excellence Awards
Enso wins the Startup Achievement award for the first-ever Application Security Posture Management platform!
Read now