Lapsus$ found a spreadsheet of passwords as they breached Okta

Lapsus$ spreadsheet of passwords

The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that provide new details of the cyber intrusion that have not yet been reported.

Customers only learned of Okta’s January security breach on March 22 after the Lapsus$ hacking group published screenshots revealing it had accessed Okta’s internal apps and systems some two months earlier. Okta admitted the compromise in a blog post, and later confirmed 366 of its corporate customers are affected by the breach, or about 2.5% of its customer base.

The documents provide the most detailed account to date of the Sitel compromise, which allowed the hackers to later gain access to Okta’s network.

Okta is used by thousands of organizations and governments worldwide as a single sign-on provider, allowing employees to securely access a company’s internal systems, such as email accounts, applications, databases and more.

The documents, obtained by independent security researcher Bill Demirkapi and shared with TechCrunch, include a Sitel customer communication sent on January 25 — more than a week after hackers first compromised its network — and a detailed timeline of the Sitel intrusion compiled by incident response firm Mandiant dated March 17 that was shared with Okta.

According to the documents, Sitel said it discovered the security incident in its VPN gateways on a legacy network belonging to Sykes, a customer service company working for Okta that Sitel acquired in 2021. VPNs, or virtual private networks, are often a target for attackers since they can be exploited to remotely access a company’s network.

The timeline details how the attackers used remote access services and publicly available hacking tools to compromise and move through Sitel’s network, gaining progressively deeper visibility into it over the five days that Lapsus$ had access. Sitel said that its Azure cloud infrastructure was also compromised by the hackers.