Site icon IT World Canada

Okta now manages devices of third parties accessing its customer support tools

Data Breach Graphic

Image by GOCMEN via GettyImages.ca

Identity and access management provider Okta says a cyber attacker accessed the data of only two customers, not 366 as originally feared, after the hacking of one computer at a third-party support supplier by the Lapsus$ extortion gang.

In a report Wednesday, Okta chief security officer David Bradbury said the January attack on customer support provider Sitel lasted only 25 minutes. “During that limited window of time, the threat actor accessed two active customer tenants within the SuperUser application (whom we have separately notified), and viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants,” he wrote.

The threat actor was unable to successfully perform any Okta configuration changes, multifactor authentication password resets or customer support “impersonation” events, Bradbury said. Nor was the attacker able to authenticate directly to any Okta accounts.

Among a number of moves being made to improve customer trust, Okta is terminating its relationship with Sykes/Sitel, and will now directly manage all devices of third parties that access its customer support tools.

A section entitled “Lessons Learned,” included three categories:

1. Third-party risk management:

2. Access to customer support systems:

3. Customer communications: Okta is reviewing its communications processes and will adopt new systems to communicate more rapidly with customers on security and availability issues.

“It pains us,” Bradbury wrote, “that while Okta’s technology excelled during the incident, our efforts to communicate about events at Sitel fell short of our own and our customers’ expectations.”

Last month Bradbury admitted that Okta should have moved faster to get the full report from Sitel about the cyberattack. The summary it saw led Okta to initially downplay the attack. It was only when the Lapsus$ gang published screenshots of the customer data it saw did Okta realize the possible problems.

Exit mobile version