Okta: the mystery of its hacking is cleared up, but hundreds of companies are still threatened

Little by little, the fog is lifting around the hacks of Microsoft and Okta by the Lapsus$ hackers. The Redmond publisher confirms that a user account was indeed compromised, giving “limited access” to the company’s source code. It also plays down the scope of this data theft in a blog post.

“For Microsoft, code confidentiality is not a security measure and the display of source code does not lead to an increase in risk”, the post reads.

In short, this hack does not change anything, or almost.

Okta, a problem from a whole new dimension

At Okta, on the other hand, the situation is taking a much more anxiety-provoking turn. After a slightly cryptic tweet from the CEO, the company’s cybersecurity manager, David Bradbury, posted a rather lengthy blog post, delivering technical details of the hack.
Thus, Lapsus$ had access to the platform for five days through the account of a Sitel support engineer, who is an Okta customer. But the impact is still unclear. Okta points out that such access allows next to nothing: it would be impossible to delete or create users, download databases or access source code.

But that’s the theory. In a Telegram message, the hackers hinted at some bad practices, such as storing Amazon Web Services authentication keys in Slack chat channels.
In the event of a “worst case scenario”, the service provider also estimates that hackers could have accessed the resources of 366 companies, or about 2.5% of its customer base. This is all the more frightening as Okta’s customers are mostly medium and large accounts.

Lack of reaction

Along the way, the cybersecurity manager engages in some introspection. The incident was reported to Okta on January 20 and quickly shared with Sitel teams, who then started a forensic analysis.
But a first summary of this investigation did not arrive until March 17, which is quite late. Added to this is a certain lack of discernment within Okta.

“On reflection, we should have moved more quickly after receiving the summary of the report from Sitel, in order to understand its implications”, recognizes David Bradbury, while paradoxically affirming that “Okta’s service has not been hacked and no remedial action needs to be taken by customers”.

A rather strange wording, no doubt inspired by the legal department.

Anyway, the torture session is still far from over. Everyone now awaits with fear the first publications of Lapsus$ resulting from this hack. But the hackers are taking their time. On Telegram, they said they had gone on vacation and that they were not expected to return until March 30. The quiet pirate life.

Sources: Microsoft, Okta