Lapsus$ operations started earlier this year when the control lasted for 25 consecutive minutes, according to Okta. Previously, the access management firm said that the data breach might have affected many systems.
However, the recent finding reveals that the impact of the incident appears to be "significantly smaller" compared to the previous assumptions. Only two customers were hit by the hackers at that time.
Lapsus$ Breach Only Impacts Two Customers
Okta clarifies that the previous finding of the impact of the Lapsus$ hacking incident is only "significantly smaller" than its suspected maximum impact.
According to Okta's blog post published on Tuesday, Apr. 19, the investigation concludes that the impact of the Lapsus$ hacking incident only hit two customer tenants. Initially, the event took place on Jan. 21, but it was only on March 22 when Okta understood what really happened during the system breach.
The anonymous cybersecurity company said that Lapsus$ hackers gained access to a Sitel workstation based on the final forensic report. The threat actors have taken advantage of the system, but apparently, only two active customer tenants were affected.
Additionally, the experts have discovered that the operation is limited to conducting certain actions for the tenants. As such, Jira and Slack cannot be accessed in the process.
Okta clarifies that the cybercriminals have failed to carry out necessary configuration changes. The Lapsus$ hackers did not succeed in pulling out their tricks such as resetting passwords and impersonating customer support events.
"While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped, we recognize the broad toll this kind of compromise can have on our customers and their trust in Okta," Okta Chief Security Officer David Bradbury said on a blog.
Related Article: Lapsus$ Operations Are Ongoing? Bad Actors Might Still Be Active in Hacking Despite Recent UK Arrest
Okta to Improve Audit Procedures
Last month, Okta shared some information about the incident, where it highlighted that 366 customers were victimized by the Lapsus$ hackers. Moreover, the firm says that it has not enough knowledge regarding the Sitel issue, per ZDNet.
The company adds that it did not know the risk that the incident had caused for the customers. With the final pieces of investigation getting into the picture, it's now time for Okta to give the Security Action Plan access to the customers.
With that being said, Okta mentions that it will launch necessary improvements for its audit procedures, as well as the security assurances intended for the sub-processors.
Moreso, the company has parted ways with Sitel/Sykes. For now, Okta says that it will handle all the third-party devices which have access to customer support tools.
Earlier this month, Tech Times reported that the London police charged the Lapsus$ hackers. The head of the cybercriminal group said that two teenagers below 18 years old were the masterminds behind the scheme.
At that time, the authorities discovered that the group also attacked Argentine-based software development firm Globant.
Read Also: Lapsus$ Hacking Group Claims It Stole 70GB of Data From Apple Health's Partner
This article is owned by Tech Times
Written by Joseph Henry
