'It's not just Russia,' cyber security expert says as Okta's shares slide after hack warning
Record ID:
1665262
'It's not just Russia,' cyber security expert says as Okta's shares slide after hack warning
- Title: 'It's not just Russia,' cyber security expert says as Okta's shares slide after hack warning
- Date: 23rd March 2022
- Summary: PHOENIX, ARIZONA, UNITED STATES (MARCH 23, 2022) (REUTERS) (SOUNDBITE) (English) CYBERSCOUT, FOUNDER, ADAM LEVIN, SAYING: "This incident occurred, I believe, in January. Okta became aware of it. It involved the, a subcontractor of theirs with an engineer that had access to Okta systems for at least the purpose of resetting passwords, because Okta is an authentication compa
- Embargoed: 6th April 2022 20:07
- Keywords: Latin America Oksa Russia breach cyber security servers
- Location: VARIOUS
- City: VARIOUS
- Country: USA
- Topics: Company News Markets,Economic Events,United States
- Reuters ID: LVA005682623032022RP1
- Aspect Ratio: 16:9
- Story Text: Shares in Okta fell 9% on Wednesday (March 23) after the U.S. digital authentication firm said hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$.
The breach sparked concern as the cyber extortion gang had posted what appeared to be internal screenshots from within the organization's network roughly a day ago.
Okta's Chief Security Officer David Bradbury said in a series of blog posts that the "maximum potential impact" was to 366 customers whose data was accessed by an outside contractor.
The contractor, Sitel Group, employed an engineer whose laptop the hackers had hijacked, Bradbury said, adding that the 366 figure represented a "worst-case scenario" and that the hackers had been constrained in their range of possible actions.
A representative for Sykes, a subsidiary of the Sitel Group, said in an emailed statement that the company was unable to comment on its relationship to its customers but it undertook an "immediate and comprehensive" investigation into the breach and had since determined there was no longer a security risk.
San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and applications, so a breach could have serious consequences.
Bradbury said the intruders would have been unable to perform actions such as downloading customer databases or accessing Okta's source code.
Okta first got wind of the breach in January, he added, while Miami-based Sitel Group only received a forensic report about the incident on March 10, giving Okta a summary of the findings a week later.
Bradbury said he was "greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report."
(Production: Andrew Hofstetter, Aleksandra Michalska) - Copyright Holder: REUTERS
- Copyright Notice: (c) Copyright Thomson Reuters 2022. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None