Okta admits lapses in Lapsus$ attack response

Authentication firm Okta has acknowledged making a mistake in managing the Lapsus$ hack that impacted 366 of its customers after failing to better examine a January cyberattack against Sitel, which is one of its third-party service providers, Threatpost reports. Okta said in an FAQ sheet issued on Friday that attackers failed in their attempt to include a password to an Okta account of one of Sitel's customer support engineers on Jan. 20, with Okta resetting the account the following day "out of an abundance of caution." However, a Sitel-commissioned report revealed that Sitel's systems have been accessed between Jan. 16 and 21, which was consistent with the dates Lapsus$ posted on March 21. "In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third-party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel," said Okta.