Okta Breach

Okta Breach

Application Security Posture Management Author
Enso Security
March 23, 2022

Who is Lapsus$

Lapsus$ is an extortion gang that has recently been linked to cyber-attacks on several high-profile targets, such as Nvidia, Samsung, Ubisoft and others. The cyber gang is known for threatening the release of sensitive information if demands by its victims aren’t met. 

What we know

The situation is quickly evolving, but at the time of this blog (March 23, 1:00am EST) Okta has reported that up to 366 customers 'have potentially been impacted' by the hacker attack. Or as Okta's chief security officer David Bradbury announced, around 2.5 percent of the company's more than 15,000 customers "have potentially been impacted" and had their data possibly "viewed or acted upon." (source: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/)

According to Okta’s CEO Todd Mckinnon, this breach likely stems from an attack on a “third party customer support engineer” working with a subcontractor.  

Immediate course of action for Okta customers

It’s clear to us that this is a rapidly evolving situation with changing parameters, so in the meantime, 3 immediate steps for Okta users to take. 

  1. Be proactive. There are quick and easy proactive actions to take such as 1. Review your Okta users accounts for unfamiliar accounts or suspicious activity; 2. Make sure you enforce multi-factor authentication for all accounts. 3. Rollout of credentials for all high privilege Okta users.
  2. Break out the crisis response manual. This is the time to open your organization’s playbook for incident response, specifically for potential 3rd-party digital supply chain incidents. Get all stakeholders involved, and workshop the scenario ASAP. Let your customers know that you are investigating, and if there are any immediate corrective actions that need to be taken.
  3. Stay updated. As mentioned before this is a rapidly evolving situation as the investigation continues. It is important to stay updated with the Okta blog as this is your most reliable information from the source. 

If you have any questions, please feel free to reach out to us at Enso. We will continue to report on an immediate course of action for mitigation as the situation unfolds. 

Get started today with Application Security Posture Management.

Privacy Policy

Subscribe for updates

Don’t miss out
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share on

There’s more to see

Application Security Management
Enso Security joins Snyk: Enabling security leaders to scale their AppSec program with ASPM
A message from Enso’s CEO Roy Erlich on this momentous occasion
Read now
Application Security Management
An effective AppSec program starts with the right Shift-Left
Case Study: Enso Security + GitHub Advanced Security. How ASPM provides the business context for the best of developer-led security solutions.
Read now
Application Security Management
Code Review - The Good, the Bad, and the Hard to Swallow.
With a little constructive criticism, prioritization and automation, we can make code reviews a painless process for all involved!
Read now