At least 366 Okta customers have been victims of the cyber attack by hacker group LAPSUS$. That’s not the final score yet: the investigation into the hack is still ongoing. The number of victims may continue to rise.
Todd McKinnon, Okta’s general manager, confirmed this to Bloomberg.
LAPSUS$ attacks Okta through partner
LAPSUS$, also known as DEV-0537, is an international hacker group that has claimed numerous victims in recent months. NVIDIA, Samsung, and Microsoft, among others, were the target of the hacker collective. In all, the hackers allegedly stole hundreds of gigabytes of confidential data. In the case of Microsoft, the attackers would have stolen parts of the source code of search engine Bing, speech assistant Cortana, and navigation program Bing Maps.
Another major company to bear the brunt of LAPSUS$ was Okta. Okta provides authentication software to more than 15,000 customers worldwide, including Amazon and Apple. The hackers managed to penetrate Sitel’s network on January 21. Then they managed to access Okta’s network.
At least 366 victims, possibly more
Okta waited until March 22 to disclose the hack after LAPSUS$ members shared screenshots and images of Okta’s internal work environment via Telegram. CEO Todd McKinnon told Bloomberg on Monday that the delay is “unacceptable”. “Communication was not as clear as it should have been,” the CEO added.
McKinnon says he had no idea of the impact of the attack in January. Only on March 22 did he know what the hackers had caused. The company immediately started informing customers. The technical impact for customers was “close to zero”, according to the director. The partnership with Intel