Okta says 366 business customers, or about 2.5% of its customer base, were affected by a security breach that allowed hackers to gain access to the company’s internal network.
The authentication giant acknowledged the compromise after the hacking and ransomware group Lapsus$ posted screenshots of Okta’s apps and systems on Monday, nearly two months after the hackers first gained access to its network.
The breach was initially attributed to an unnamed sub-processor providing customer support services to Okta. In an updated statement Wednesday, Okta’s head of security David Bradbury confirmed that the sub-processor is Sykes, which was acquired last year by Miami-based contact center giant Sitel.
Customer service companies such as Sykes and Sitel often have broad access to the organizations they support in order to fulfill customer requests. Malicious hackers have previously targeted customer support companies, which often have weaker cybersecurity than some of the highly secure companies they support. Both Microsoft and Roblox have faced similar targeted compromises of customer support agent accounts that gave access to their internal systems.
According to Bradbury, in Okta’s case, the Lapsus$ hackers spent five days on Sitel’s network, from January 16 to 21, 2022, until they were discovered and booted from the network.
The news spread on social media while Okta faced significant criticism from the wider security industry for the way it was hacked and the months-long delay in notifying customers. According to Bradbury, Sitel hired an unnamed forensics company to conduct the investigation, which ended March 10. Exactly one week later, on March 17, the report was submitted to Okta.
Bradbury said he was “deeply disappointed with the time that passed between our notice to Sitel and the release of the full investigation report”, acknowledging that Okta “should have acted faster” to understand the implications of the report.
But an email from a Sitel spokesperson disputed Okta’s characterization of the report, saying that the security breach “did not affect legacy Sitel Group systems or networks; only Sykes’ legacy network was affected.” (The Sitel spokesperson declared his email “off the record,” which requires both parties to agree to the terms in advance. We’re publishing the responses because we had no way to reject the terms.) The spokesperson also stated that Sitel had no evidence of a data breach, but declined to say whether it has resources, such as log files, to determine what data the attackers accessed or potentially exfiltrated. The violations were investigated.
A previous statement provided by Sitel spokeswoman Rebecca Sanders said: “As a result of the investigation, along with our current assessment of external threats, we believe that the security threat no longer exists. We cannot comment on our relationship with specific brands or the nature of the services we provide to our clients.”
Okta has not yet answered gaming-updates’s questions about the hack.