Okta (IAM) Experiences a Security Breach 2022 — Investigation found Massive Loss


Okta Security Breach

Identity and Access Management (IAM) solutions have become part and parcel of every enterprise infrastructure’s technology landscape. Various vendors provide such IAM solutions to enterprises as part of their authentication and security offerings, so that employees can gain appropriate access to corporate resources. Okta is one such authentication and identity management firm, and many companies rely on its authentication product. Now, Okta has investigated a report of a security breach. If you want to know more about this security incident, this article is for you.

Who is Okta?

The Okta Identity Cloud is an independent and neutral platform that securely connects the right people to the right technologies at the right time.

The security breach incident –

Okta is a San Francisco-based identity management and authentication software company that provides IAM solutions to more than 15,000 companies. A digital extortion, ransom-seeking group named Lapsus$ hit this authentication firm and disclosed the incident by posting screenshots to its Telegram channel, claiming to have hacked the company. According to researchers, those screenshots were from Okta’s internal services, Okta’s Slack channel, and a Cloudflare interface. The cybercriminal group stated that it did not manipulate or steal any data from Okta’s database but was instead interested in accessing Okta’s customers.

The extortion group threw Okta’s security team into disarray by claiming to have gained “Super-user” access to an administrative account on Okta’s identity management platform. Many organizations use Okta as a security gatekeeper by leveraging its authentication and identity solution, which means businesses relying on Okta were put on high alert.

Okta admitted the security breach –

According to TechCrunch, as per Okta’s statement, 366 corporate customers (roughly 2.5% of its customer base) may have been affected by this security breach. The breach could have allowed cybercriminals to gain access to those customers’ internal corporate networks. The authentication and identity management giant confirmed and admitted the attack. The first intrusion occurred two months earlier (in January). On Tuesday, Okta declared that “they’ve detected an attempt in January to compromise the account of a third party customer support engineer working for one of our sub-processors.” The company also added, “The matter was investigated and contained by the sub-processor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Initially, Okta blamed an unnamed sub-processor for this breach, as you can read from the above statement. But in their updated statement this Wednesday, Okta’s Chief Security Officer David Bradbury acknowledged that the sub-processor is a firm called ‘Sykes.’ That company was acquired by a Miami-based contact center firm named Sitel.

According to CNBC’s report, Okta’s shares went down around 7 percent on the U.S. market because of this security breach. Malicious attackers and cybercriminal groups like Lapsus$ target customer support companies like Sykes and Sitel, trying to penetrate their weaker defences and security loopholes. According to Okta’s Bradbury, the hacking group was inside Sitel’s internal network for five consecutive days in January 2022, from the 16th to the 21st. The attackers were then detected and rooted out of that network. Since Okta took so long to notify customers of this critical security breach, it is being criticized by many security researchers and rival firms. It should have taken the breach seriously when the news broke on social media and Cloudflare posted about it on its site.

How to prevent this security threat?

Here are some preventive measures that enterprises can leverage, whether they are using Okta as their authentication product or other IAM solutions.

· Organizations should set password policies where every employee, including the admins, should change their password regularly.

· Leveraging multi-factor authentication is a must.

· Constant monitoring of the network to check for suspicious attempts can save enterprises from such breaches.

· Consult security professionals or security consulting firms like PacketLabs. They have experts who can provide you with the proper guidance so that you can protect your systems from security breaches.
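The monitoring point above is the one that would have surfaced this incident earliest: a support engineer at a sub-processor acting on an Okta tenant leaves a trail in the tenant’s own system log. The script below is an added example, not code from the original article, from Okta or from PacketLabs. It runs three detections over a constructed, Okta-style JSON event sample: any support impersonation session, an MFA factor reset followed shortly by a password reset on the same account, and a burst of failed logins from one source IP. The field names and event type strings follow the Okta System Log layout as I understand it and are an assumption to verify against your own tenant’s export; the sample events, thresholds and rule names are my own.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Okta-style System Log events (not real data). Field and
# eventType names follow the Okta System Log layout as understood by the author
# of this example; verify them against your tenant's export before relying on them.
SAMPLE_LOG = """
{"published":"2022-01-16T09:00:00.000Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"actor":{"alternateId":"alice@example.test"},"client":{"ipAddress":"203.0.113.10"},"target":[]}
{"published":"2022-01-16T09:00:05.000Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"actor":{"alternateId":"bob@example.test"},"client":{"ipAddress":"203.0.113.10"},"target":[]}
{"published":"2022-01-16T09:00:09.000Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"actor":{"alternateId":"carol@example.test"},"client":{"ipAddress":"203.0.113.10"},"target":[]}
{"published":"2022-01-16T09:00:12.000Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"actor":{"alternateId":"dave@example.test"},"client":{"ipAddress":"203.0.113.10"},"target":[]}
{"published":"2022-01-16T09:00:15.000Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"actor":{"alternateId":"erin@example.test"},"client":{"ipAddress":"203.0.113.10"},"target":[]}
{"published":"2022-01-16T10:12:00.000Z","eventType":"user.session.impersonation.initiate","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"support-engineer@subprocessor.test"},"client":{"ipAddress":"198.51.100.7"},"target":[{"alternateId":"admin@example.test"}]}
{"published":"2022-01-16T10:13:00.000Z","eventType":"user.mfa.factor.reset_all","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"support-engineer@subprocessor.test"},"client":{"ipAddress":"198.51.100.7"},"target":[{"alternateId":"admin@example.test"}]}
{"published":"2022-01-16T10:14:00.000Z","eventType":"user.account.reset_password","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"support-engineer@subprocessor.test"},"client":{"ipAddress":"198.51.100.7"},"target":[{"alternateId":"admin@example.test"}]}
{"published":"2022-01-17T08:00:00.000Z","eventType":"user.session.start","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"alice@example.test"},"client":{"ipAddress":"192.0.2.44"},"target":[]}
"""

FAIL_THRESHOLD = 5                    # failed logins from one IP ...
FAIL_WINDOW = timedelta(seconds=60)   # ... within this window is a burst
RESET_WINDOW = timedelta(minutes=30)  # MFA reset -> password reset gap to flag


def parse_events(raw):
    """Parse newline-delimited JSON events and sort them by publish time."""
    events = []
    for line in raw.strip().splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["_ts"] = datetime.strptime(e["published"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append(e)
    return sorted(events, key=lambda e: e["_ts"])


def target_ids(e):
    """Accounts an event acted on; fall back to the actor for self-events."""
    return [t.get("alternateId", "?") for t in e.get("target", [])] or [e["actor"]["alternateId"]]


def detect(events):
    """Return (rule, subject, detail) findings in rule order, then time order."""
    findings = []

    # Rule 1: every support impersonation session is worth a ticket. Third-party
    # support access is exactly the path described in the Okta/Sitel incident.
    for e in events:
        if e["eventType"].startswith("user.session.impersonation."):
            for tgt in target_ids(e):
                findings.append(("support_impersonation", tgt, e["actor"]["alternateId"]))

    # Rule 2: MFA factors wiped and then the password reset on the same account
    # within RESET_WINDOW is the classic account-takeover shape; flag it.
    last_mfa_reset = {}
    for e in events:
        if e["outcome"]["result"] != "SUCCESS":
            continue
        for tgt in target_ids(e):
            if e["eventType"] == "user.mfa.factor.reset_all":
                last_mfa_reset[tgt] = e["_ts"]
            elif e["eventType"] == "user.account.reset_password":
                t0 = last_mfa_reset.get(tgt)
                if t0 is not None and e["_ts"] - t0 <= RESET_WINDOW:
                    findings.append(("mfa_reset_then_password_reset", tgt, e["actor"]["alternateId"]))

    # Rule 3: many failed logins from one source IP inside FAIL_WINDOW
    # (credential guessing against several accounts). Flag each IP once.
    failures = defaultdict(list)
    flagged = set()
    for e in events:
        if e["eventType"] == "user.session.start" and e["outcome"]["result"] == "FAILURE":
            ip = e["client"]["ipAddress"]
            window = [t for t in failures[ip] if e["_ts"] - t <= FAIL_WINDOW] + [e["_ts"]]
            failures[ip] = window
            if len(window) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append(("failed_login_burst", ip, f"{len(window)} failures in {FAIL_WINDOW.seconds}s"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule:32} {subject:28} {detail}")
```

On the constructed sample this reports one impersonation session against `admin@example.test`, one MFA-reset-then-password-reset chain on the same account by the same support actor, and one failed-login burst from `203.0.113.10`; the ordinary successful login on the 17th produces nothing. Feeding a real System Log export in the same newline-delimited form into `parse_events` is the only change needed to run it against a tenant, and rule 1 is the one to wire to an alert first, because support impersonation should be rare and expected only during a ticket you opened.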


Learn More about Security from https://www.packetlabs.net/learn/
For Technical Content Writing and research articles, Contact Me.


Karlos G. Ray [Masters | BS-Cyber-Sec | MIT | LPU]

I’m the CTO at Keychron :: Technical Content Writer, Cyber-Sec Enggr, Programmer, Book Author (2x), Research-Scholar, Storyteller :: Love to predict Tech-Future