Confusion Reigns Following Lapsus$ Hack of Okta, Up to 366 Customers' Data Accessed by Contractor
Microsoft says that Lapsus$ stole some source code, Russian paper accuses hacker of placing false story, FBI warns energy sector of Russian network scanning, Anonymous claims leak of Nestlé data, more
Check out my latest CSO column, which looks at how states are stepping up cybersecurity measures as threats increase.
Confusion reigns in the wake of the hack of authentication company Okta, with the company shifting its statements. First, Okta characterized the breach by hacking group Lapsus$ as a minor yet unannounced historical incident that affected only a single support engineer’s laptop that had little impact. Now Chief Security Officer David Bradbury says that the "maximum potential impact" was a “worst-case” scenario in which an outside contractor, Sitel, accessed 366 customers’ data.
Okta first learned of the breach in January, he added, while the Miami-based Sitel Group only received a forensic report about the incident on March 10, giving Okta a summary of the findings a week later.
Bradbury said he was "greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report." Okta said it would be…