Hacker group Lapsus$ causes disruption, with Okta confirming 2.5% of its customers have experienced data breaches

Hacker group Lapsus$ reportedly breached 2.5% of Okta's customer base, causing chaos in the cybersecurity sector.

The Lapsus$ group, known for its presence on social media, thrives on attention-seeking. Okta's chief security officer found the screenshots of the breach mortifying.

The extortion group Lapsus$ has claimed responsibility for a security breach at Okta, a leading identity and access management provider. Okta's Chief Security Officer (CSO), David Bradbury, released a statement on the company's investigation on Tuesday.

According to that statement, released on Tuesday night, the breach affected about 2.5% of Okta's customers. The company identified and contacted the 366 customers whose data may have been viewed or acted upon. Bradbury's statement offered no new details about the ongoing investigation.

Okta is not Lapsus$'s first high-profile target; the group has also been linked to attacks on tech giants Nvidia and Microsoft. A Microsoft spokesperson confirmed that an account had been compromised. The organization Lapsus$ allegedly targeted last before expanding its activities globally was Amtrak.

The screenshots Lapsus$ published were taken from the computer of a support engineer at Sitel, a third-party provider. The group gained remote access to that machine over Remote Desktop Protocol (RDP) and compromised it from there, which means the entry point was a contractor's workstation rather than Okta's own service.

Lapsus$'s tactics are unusual: it buys credentials, pays insiders at targeted organizations, and searches public code repositories for leaked credentials. The group does not deploy ransomware, but it is known for taking over individual user accounts at cryptocurrency exchanges and draining their holdings.

Mandiant's threat research, published on Tuesday, found that Lapsus$ also enjoys public naming and shaming and leaking data, often announcing its access and relishing the spotlight. According to Microsoft, that flashiness sets the group apart, since most threat groups stay under the radar.

Corporate stakeholders are now trying to understand the risk of their technology stacks and asking one question: are we a target? Andras Cser, VP and principal analyst for security and risk management at Forrester, stressed the importance of vetting third parties, contractors, and their employees, including auditing their compliance, penetration-testing checks, and third-party access monitoring processes.
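As an added illustration of what "third-party access monitoring" can look like in practice, the following script (written for this page; it is not Okta's tooling, Forrester's guidance, or anything from the article) reviews log events in the shape of Okta's System Log for support-impersonation sessions and flags those that either lack a recent customer grant or originate outside the vendor's expected networks. The event type names, the vendor network range, the grant window and all sample events are assumptions constructed for the example; verify the event types against your own tenant's logs before relying on them.

```python
import ipaddress
import json
from datetime import datetime, timedelta

# Event types assumed for the support-access lifecycle (verify against your tenant).
GRANT_EVENT = "user.session.impersonation.grant"       # customer admin grants support access
INITIATE_EVENT = "user.session.impersonation.initiate" # support engineer starts a session

# Policy values (assumed): networks the vendor's support engineers should connect
# from, and how long a customer-granted access window is honoured.
VENDOR_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3 documentation range
GRANT_WINDOW = timedelta(hours=8)

# Constructed sample log lines in Okta System Log JSON shape (not real data).
SAMPLE_LOG = """
{"eventType": "user.session.impersonation.grant", "published": "2022-01-20T09:00:00.000Z", "actor": {"type": "User", "alternateId": "admin@example.com"}, "client": {"ipAddress": "198.51.100.7"}, "outcome": {"result": "SUCCESS"}}
{"eventType": "user.session.impersonation.initiate", "published": "2022-01-20T09:30:00.000Z", "actor": {"type": "User", "alternateId": "support.eng@vendor.example"}, "client": {"ipAddress": "203.0.113.45"}, "outcome": {"result": "SUCCESS"}}
{"eventType": "user.session.impersonation.initiate", "published": "2022-01-21T03:10:00.000Z", "actor": {"type": "User", "alternateId": "support.eng@vendor.example"}, "client": {"ipAddress": "192.0.2.99"}, "outcome": {"result": "SUCCESS"}}
"""


def parse_log(text):
    """Parse newline-delimited JSON events and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        evt = json.loads(line)
        # Okta publishes RFC 3339 timestamps with a trailing Z; make them tz-aware.
        evt["_ts"] = datetime.fromisoformat(evt["published"].replace("Z", "+00:00"))
        events.append(evt)
    return sorted(events, key=lambda e: e["_ts"])


def from_vendor_network(ip):
    """True if the client address falls inside one of the allowlisted vendor ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VENDOR_NETWORKS)


def review_support_access(text):
    """Return (timestamp, actor, reason) findings for support sessions that are
    not covered by a recent customer grant or that come from an unexpected network."""
    findings = []
    last_grant = None
    for evt in parse_log(text):
        if evt["eventType"] == GRANT_EVENT and evt["outcome"]["result"] == "SUCCESS":
            last_grant = evt["_ts"]
            continue
        if evt["eventType"] != INITIATE_EVENT:
            continue
        when = evt["published"]
        who = evt["actor"]["alternateId"]
        ip = evt["client"]["ipAddress"]
        # A support session should follow a grant by one of our own admins.
        if last_grant is None or evt["_ts"] - last_grant > GRANT_WINDOW:
            findings.append((when, who, f"support session without a customer grant in the last {GRANT_WINDOW}"))
        # A support session should come from the vendor's known infrastructure.
        if not from_vendor_network(ip):
            findings.append((when, who, f"support session from {ip}, outside vendor networks"))
    return findings


if __name__ == "__main__":
    for when, who, reason in review_support_access(SAMPLE_LOG):
        print(f"{when} {who}: {reason}")
```

Against the constructed sample, the first support session (30 minutes after the admin's grant, from the vendor range) passes, while the session at 03:10 the next day is flagged twice: no grant within the window, and a source address outside the vendor's networks. In a real deployment the same two checks would run over events pulled from the tenant's log export, with the grant window and network allowlist taken from the contract with the support vendor.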

After Okta repeatedly stated that it had not suffered a breach, Lapsus$ circulated a statement goading Okta over its response, as Emsisoft threat analyst Brett Callow reported on Twitter.

While the investigation into the Okta breach continues, companies must remain vigilant against such threats and take proactive measures to secure their systems and data.
