Okta Says It Made A Mistake In Lapsus$ Hack

Authentication software maker Okta, which was hacked back in January, waited to disclose the hack until March, when the gang itself began leaking screenshots.


Okta’s hack became public knowledge last week when the Lapsus$ gang itself began leaking screenshots taken from the account of a helpdesk employee working for the authentication software maker. The company now admits that it made mistakes in its communication. It should have announced the hack sooner, it now says.

The company has now set out what happened in a report. According to that report, the gang got into an account at Sitel, its third-party customer support provider. A helpdesk employee there reportedly requested a new password on January 20, and the Okta security team was notified. “Although the individual attempt was unsuccessful, we reset that account and notified Sitel,” Okta said. Sitel then had to conduct a further investigation, and the actual report came a few weeks later.

Okta now says it should have communicated more quickly with Sitel in January and requested the report earlier, but it did not know at the time how significant the incident was. During the attack, the cyber gang had access for about five days to the laptop of a helpdesk employee, who could, among other things, recover customer passwords. The employee in question was able to see data from about 2.5% of Okta’s customers and assign them new passwords. However, helpdesk employees have only specific rights: they cannot download, create or delete customer data. They also cannot log into customer accounts themselves.

When the hack became known last week, Okta initially indicated that there would be no problems for customers. However, a few days later, the company had to admit that some of its customer data had been seen by the attackers.
