• Home
  • /Learn
  • /Okta Investigates Report of a Security Breach by Lapsus$ Group
background image


Okta Investigates Report of a Security Breach by Lapsus$ Group


Days after Cloudflare, a leading Identity and Access Management (IAM) solutions provider claimed the attack on Okta, the London police arrested seven teenagers in connection with the cyberhacking group Lapsus$. This extortionist group has also been linked to a slew of attacks on other tech giants, including Microsoft Corporation and Nvidia.

Okta came under heavy fire from rival firms and cybersecurity researchers for sitting on the breach for around two months before notifying the world, and that, too, after Cloudflare came out in the open. Here’s a brief summary of the impact of the Okta breach and steps you can take to safeguard against online extortionists.

The security breach incident

Okta is a San Francisco-based identity management and authentication software company that provides IAM solutions to over 15,000 companies. Lapsus$ reportedly hit Okta and made public its success by posting sensitive screenshots on its Telegram channel. According to researchers, the screenshots shared over Telegram belonged to Okta's internal service, Okta's Slack channel, and Cloudflare interface. Cloudflare has since clarified that its customers are safe and need not take any remedial action as it does ‘not use Okta for customer accounts’. Meanwhile, Lapsus$ seemingly did not manipulate or steal any data from Okta's database but seemed rather more interested in accessing its customer base.

The extortionist group sent the security team at Okta into a frenzy by claiming it had access to "Super-user" in the administrative account of Okta's identity management platform. No sooner had the news of the breach emerged than businesses using Okta’s authentication and identity solution went on a high alert.

Okta’s admission

As per Okta's statement, the security breach has left 366 corporate customers (roughly 2.5% of its customer base) vulnerable. This breach seemingly allowed cybercriminals to gain access to Okta’s internal corporate network. The first invasion occurred two months ago (January 2022) but it was only on Tuesday (March 22, 2022) that the firm admitted to the incident. “We've detected an attempt in January to compromise the account of a third-party customer support engineer working for one of our sub-processors”, the company said, adding: “The matter was investigated and contained by the sub-processor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January”. 

Initially, Okta blamed an unnamed sub-processor for the breach, but revised its statement a day later, with its Chief Security Officer David Bradbury stating that the sub-processor was a firm called Sykes, which merged with a Miami-based contact center company named Sitel last year. 

The repercussion

Hours after the breach was made public, according to CNBC's report, Okta's shares slid 7 percent in the trade market in the U.S. In recent times, the attacks on sub-processor companies like Sykes have seen an uptick, owing largely to their comparatively weaker defence systems & loopholes in security apparatuses. According to Okta's CTO, the hacking group was on Sitel's internet network system for five consecutive days between January 16-21. However, upon discovery, the security team flushed the attackers out, reports claimed. 

How to prevent this type of security threat?

As a company whose bread and butter is identity management, Okta's primary motive is to provide its customers with fool-proof security. However, the recent security breach has put the firm in a tight spot. Nevertheless, it has taken all the necessary steps to ensure that its customer base does not suffer any loss or inconvenience on account of this incident.

Here are some preventative measures that can help ensure your businesses security posture:

  • Implement password policies mandating employees, including the admins, to reset their passwords regularly

  • Make multi-factor authentication mandatory

  • Constantly monitor the network to check for suspicious activities

  • Consult cybersecurity security professionals like Packetlabs, whose expertise in finding vulnerabilities in systems and networks can help close the gaps and keep data protected


The Okta breach is a grim reminder of the importance of comprehensive security measures in the age of increased digitalization. With more and more businesses going online, it has become more important than ever to take all possible steps to ensure the safety and security of their data. Cybersecurity needs to be given top priority to avoid any devastating consequences that may arise from a security breach.

Packetlabs can help you close the gaps in your security posture and protect your data from cyber threats. Our team of experts can provide you with comprehensive insights into your network and system vulnerabilities and recommend the best possible solutions to address them. Contact us today to find out more about our services.