Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Okta’s internal system and source code for Microsoft’s Cortana and Bing.
On Tuesday the 22nd, Hackread.com reported that LAPSUS$ hackers were claiming to have hacked Microsoft Azure DevOps accounts and Okta Inc., an authentication and access management services provider.
The latest update is that Okta and Microsoft have confirmed data breaches.
About Okta, Inc. Data Breach
To validate their claims, LAPSUS$ shared screenshots of Okta’s internal infrastructure, including its in-house Slack channels and Atlassian suite. Mocking the firm’s security measures, which LAPSUS$ regarded as “poor”, the hackers stated that they captured these screenshots after gaining access to Okta.com’s admin, superusers, and other systems. Okta, at that time, noted that it was investigating the incident.
Okta Confirms Security Breach
The company concluded that 2.5% of its customers or 375 organizations were affected by the LAPSUS$ gang’s cyberattack. Okta confirmed that the security incident occurred in January and that hackers compromised the laptop of one of its support engineers through which they could initiate a password reset for its customers.
The attackers maintained access to the laptop for at least 5 days between January 16-21, 2022, during which they accessed Okta’s customer support panel and Slack server. This information is consistent with the screenshots the LAPSUS$ group shared on Telegram. The screenshots showed the email address of an Okta employee with superuser privileges, which allowed the attackers to list users, reset MFA/passwords, and access support tickets.
However, Okta claimed that the compromise may be limited to the level of access that support engineers have. Thus, the attackers could not create, delete, or download databases.
“We have identified those customers and are contacting them directly. If you are an Okta customer and were impacted, we have already reached out directly by email.”
Microsoft Azure DevOps Breach
The Lapsus$ gang posted screenshots on their Telegram channel, claiming to have accessed internal Microsoft systems. The group stated that they gained access to 37GB of Microsoft’s Azure DevOps server source code for numerous internal Microsoft projects, including Bing Maps, Bing, and Cortana.
Microsoft Confirmed DevOps Account Breach
Microsoft has now confirmed the claims made by LAPSUS$, which it tracks as DEV-0537. Microsoft explained that the gang compromised an employee’s account and gained limited access to its source code repositories. The hackers were able to steal portions of Microsoft’s source code, but customer code or data wasn’t accessed.
Microsoft further stated that its cybersecurity response team acted promptly to address the issue and remediate the impacted account to prevent a further breach.
“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”