Identity-as-a-Service (IDaaS) provider Okta has admitted that it made a critical error in its handling of the extortion group Lapsus$'s attack on a supplier.
Okta provided a comprehensive timeline of the incident in an FAQ released last Friday, beginning on January 20, when the company noticed that a new factor had been added to the Okta account of a Sitel customer support engineer.
Sitel is a third-party vendor that Okta uses to provide some customer support services. Okta’s mistake, in its opinion, was to presume that Sitel had given all relevant information and to wait for the inquiry Sitel had commissioned rather than pressing for more.
Read More: https://threatpost.com/okta-goofed-lapsus-attack/179129/