How Lapsus$ Breached Okta and What Organizations Should Learn
Businesses have to be extra vigilant in safeguarding customer data. Minor mistakes can cause a massive data breach, violating data privacy regulations and attracting penalties from regulatory authorities.

Table of Contents
- What Is Okta?
- Why Is Okta In the News?
- How Was the Attack Executed?
- Who Is Behind Okta’s Breach?
- The Key Reasons That Caused The Security Breach
- What to Learn From Okta's Cyber Hack?
- To Conclude
What Is Okta?
Protecting customer data is paramount to every business organization. Even though businesses deploy the most stringent security measures to safeguard data, malicious actors somehow find security shortcomings to access network systems and cause data breaches, compromising the confidentiality, integrity, and availability of information.
Cybersecurity firms like Okta, which provides identity management solutions and deals in authentication space, make the backbone of an organization's cybersecurity posture. Okta serves 15000+ customers worldwide. The Okta data breach by Lapsus$ is a recent example of what can happen if business organizations depend on third-party solution providers who show laxity in implementing robust cybersecurity strategies, frameworks, and controls.
It is also a cautionary tale for cybersecurity MSPs (Managed Services Providers) and ITSPs (IT Solution Providers) to ensure that they have the best of security controls in place to prevent incidents like this.
What Is Okta?
Okta is an identity platform and offers identity and access management solutions such as Single sign-on (SSO), Multi-Factor Authentication (MFA), etc., for an organization's customers and employees.
Why Is Okta In the News?
Okta’s CSO (Chief Security Officer) David Bradbury recently published an official statement about a support engineer whose computer was accessed by malicious actors for five days in mid-January (between January 16 to 21, 2022) and said they detected the unsuccessful attempt early on.
How Was the Attack Executed?
Okta has now confirmed that malicious actors had access to one of its employees' laptops for five days in January 2022 but maintained there has been no data breach and remains fully operational. However, they concede that around 2.5% of its customers (about 366) might have been affected.
Here is how the attack happened.
- On March 22, 2022, a hacking group identifying itself as Lapsus$ posted some screenshots in its Telegram channel claiming to have compromised Okta's internal systems. The screenshots included Okta's Slack channels, super admin dashboard (access to reset passwords and MFA of their business customer’s employees — the customer in the screenshot was Cloudflare), and JIRA board.
- Okta's CSO responded through a blog post stating that the incident that Lapsus$ refers to had happened in January 2021 when it detected an attempt by hackers to compromise the account of a customer support engineer working for a third-party service provider.
- Okta alerted the service provider, suspended the engineer's account, and terminated the user's active Okta sessions. Besides, the company shared pertinent information with a third-party forensics firm for investigation.
- The investigation reported that hackers accessed the engineer's laptop for five days in January 2022.
- However, Lapsus$ claims that it had gained admin access to Okta's systems for two months, and it found Okta storing AWS keys in Slack channels. Furthermore, the hacker group claimed that it used its access to focus on Okta's customers.
Who Is Behind Okta’s Breach?
News reports show that a group of unscrupulous actors identifying themselves as Lapsus$ in their Telegram channel was behind this Okta breach. They were aided by a customer support engineer working for a third-party service provider whose laptop was accessed by these hackers to gain vital information. Lapsus$ is also known as a notorious threat actor group — DEV-0537. This group has a history of taking over individual user accounts to drain their crypto holdings at cryptocurrency exchanges.
The Key Reasons That Caused The Security Breach
The forensics report cited by Okta's CSO did not state how the hackers managed to gain access to the support engineer’s laptop, but the fingers point towards negligence by the engineer. However, the hackers claim to have had access to Okta's systems for more than a month before the January 2022 incident. If these claims are valid, it indicates a significant security breach at Okta's network center.
Okta Breach: What Was the Impact?
The Okta breach exposed the security frailties of the Okta network system and put 15,000 Okta customers’ data at risk. However, Okta stated it had contacted the affected 2.5% of customers, appraising them of the matter. Okta further noted that the customers need not take any precautionary measures as their data is safe.
The CSO blog post went on to add that the damage was restricted to the access that support engineers have, such as Jira tickets and lists of users. Though customer support engineers facilitate password resetting and MFA, the hackers did not seem to have obtained this information. The CSO also confirmed that customer service engineers could not create or delete users.
Notably, Okta's customers include high-profile enterprises like FedEx Corporation and Moody's Corporation. Hence, Okta's shares plunged 11% immediately after hackers claimed the breach that has put thousands of Okta customers at risk.
What to Learn From Okta's Cyber Hack?
1) Limit Access on a ‘Need-to-Know’ Basis
Limiting access and permissions to the employees is the first step to take. Employees and contractors should only be provided access on a 'need-to-know' basis and must be provided on a ‘least privilege’ basis (minimum access needed to perform a task or job). For example, support engineers shouldn't be able to access internal HR, accounting, or payroll systems. At the same time, marketing personnel should not have access to network configuration or applications that they do not use.
2) Validate Third-party Apps and SaaS Solutions
In an increasing multi-cloud and hybrid-cloud environment, it's paramount to understand the s IT ecosystem, third-party APIs (Application Programming Interfaces) and applications, and Software as a Service (SaaS) solutions deployed. Requesting SOC reports from vendors and contractors can help understand how their information systems are maintained and secured.
3) Implement Robust IAM-PAM Solutions
Implementing robust processes around Identity and Access Management (IAM) and Privileged Access Management (PAM) can help strengthen the cybersecurity posture by making it almost impossible for attackers to barge into the organization’s periphery.
4) Train Employees and Customers
'People' are the most valuable asset for any organization but can also be the weakest link in the cybersecurity chain. Therefore, organizations must regularly review the processes around training and educating employees, vendor-contractors, customers, and users to follow basic cyber hygiene.
5) Be Vigilant
Organizations must continue to monitor and audit the control environments. Leveraging automated monitoring and alerting tools can help overcome many challenges SOC teams face.
6) Audit and Review Regularly
Organizations should perform internal audits and review the systems and monitor the traffic and access permission more frequently. It is also advisable to engage third-party audit firms to get an external and independent view of the cybersecurity posture.
7) Communicate Transparently
In case of a security incident, it is essential to be transparent to the employees, customers, vendors, and regulators and communicate with them immediately about the incident. Organizations should also provide specific guidance on how to safeguard the information assets.
To Conclude
The Okta breach shows that no business organization is 100% safe from malicious attacks. One simplest security issue is sufficient for malicious actors to wreak havoc.
In this specific example, the hackers accessed the laptop of one of Okta's customer service engineers to gain vital insights into the company's customer data. Such incidents prove that customers can never be sure that their information is safe and leak-proof.
However, it offers a valuable learning experience that business entities should not ignore the minutest of details regarding network security. It surfaces the adage that ' A chain is only as strong as its weakest link.'

Featured Posts
TOTP Authentication Explained: How It Works, Why It’s Secure
Advantages of Time-Based One-Time Passwords (TOTP)
JWT Authentication with LoginRadius: Quick Integration Guide
Complete Guide to JSON Web Token (JWT) and How It Works
A comprehensive guide to OAuth 2.0
How Chrome’s Third-Party Cookie Restrictions Affect User Authentication?
How to Implement OpenID Connect (OIDC) SSO with LoginRadius?
Testing Brute-force Lockout with LoginRadius
Breaking Down the Decision: Why We Chose AWS ElastiCache Over Redis Cloud
LoginRadius Launches a CLI for Enterprise Dashboard
How to Implement JWT Authentication for CRUD APIs in Deno
Multi-Factor Authentication (MFA) with Redis Cache and OTP
Introduction to SolidJS
Why We Re-engineered LoginRadius APIs with Go?
Why B2B Companies Should Implement Identity Management
Top 10 Cyber Threats in 2022
Build a Modern Login/Signup Form with Tailwind CSS and React
M2M Authorization: Authenticate Apps, APIs, and Web Services
Implement HTTP Streaming with Node.js and Fetch API
NestJS: How to Implement Session-Based User Authentication
How to Integrate Invisible reCAPTCHA for Bot Protection
How Lapsus$ Breached Okta and What Organizations Should Learn
NestJS User Authentication with LoginRadius API
How to Authenticate Svelte Apps
How to Build Your Github Profile
Why Implement Search Functionality for Your Websites
Flutter Authentication: Implementing User Signup and Login
How to Secure Your LoopBack REST API with JWT Authentication
When Can Developers Get Rid of Password-based Authentication?
4 Ways to Extend CIAM Capabilities of BigCommerce
Node.js User Authentication Guide
Your Ultimate Guide to Next.js Authentication
Local Storage vs. Session Storage vs. Cookies
How to Secure a PHP API Using JWT
React Security Vulnerabilities and How to Fix/Prevent Them
Cookie-based vs. Cookieless Authentication: What’s the Future?
Using JWT Flask JWT Authentication- A Quick Guide
Single-Tenant vs. Multi-Tenant: Which SaaS Architecture is better for Your Business?
Build Your First Smart Contract with Ethereum & Solidity
What are JWT, JWS, JWE, JWK, and JWA?
How to Build an OpenCV Web App with Streamlit
32 React Best Practices That Every Programmer Should Follow
How to Build a Progressive Web App (PWA) with React
Bootstrap 4 vs. Bootstrap 5: What is the Difference?
JWT Authentication — Best Practices and When to Use
What Are Refresh Tokens? When & How to Use Them
How to Participate in Hacktoberfest as a Maintainer
How to Upgrade Your Vim Skills
Hacktoberfest 2021: Contribute and Win Swag from LoginRadius
How to Implement Role-Based Authentication with React Apps
How to Authenticate Users: JWT vs. Session
How to Use Azure Key Vault With an Azure Web App in C#
How to Implement Registration and Authentication in Django?
11 Tips for Managing Remote Software Engineering Teams
One Vision, Many Paths: How We’re Supporting freeCodeCamp
C# Init-Only Setters Property
Content Security Policy (CSP)
Implementing User Authentication in a Python Application
Introducing LoginRadius CLI
Add Authentication to Play Framework With OIDC and LoginRadius
React renderers, react everywhere?
React's Context API Guide with Example
Implementing Authentication on Vue.js using JWTtoken
How to create and use the Dictionary in C#
What is Risk-Based Authentication? And Why Should You Implement It?
React Error Boundaries
Data Masking In Nginx Logs For User Data Privacy And Compliance
Code spliting in React via lazy and suspense
Implement Authentication in React Applications using LoginRadius CLI
What is recoil.js and how it is managing in react?
How Enum.TryParse() works in C#
React with Ref
Implement Authentication in Angular 2+ application using LoginRadius CLI in 5 mins
How Git Local Repository Works
How to add SSO for your WordPress Site!
Guide to Authorization Code Flow for OAuth 2.0
Introduction to UniFi Ubiquiti Network
The Upcoming Future of Software Testers and SDETs in 2021
Why You Need an Effective Cloud Management Platform
What is Adaptive Authentication or Risk-based Authentication?
Top 9 Challenges Faced by Every QA
Top 4 Serverless Computing Platforms in 2021
QA Testing Process: How to Deliver Quality Software
How to Create List in C#
What is a DDoS Attack and How to Mitigate it
How to Verify Email Addresses in Google Sheet
Concurrency vs Parallelism: What's the Difference?
35+ Git Commands List Every Programmer Should Know
How to do Full-Text Search in MongoDB
What is API Testing? - Discover the Benefits
The Importance of Multi-Factor Authentication (MFA)
Optimize Your Sign Up Page By Going Passwordless
Image Colorizer Tool - Kolorizer
PWA vs Native App: Which one is Better for you?
How to Deploy a REST API in Kubernetes
Integration with electronic identity (eID)
How to Work with Nullable Types in C#
Git merge vs. Git Rebase: What's the difference?
How to Install and Configure Istio
How to Perform Basic Query Operations in MongoDB
Invalidating JSON Web Tokens
How to Use the HTTP Client in GO To Enhance Performance
Constructor vs getInitialState in React
Web Workers in JS - An Introductory Guide
How to Use Enum in C#
How to Migrate Data In MongoDB
A Guide To React User Authentication with LoginRadius
WebAuthn: A Guide To Authenticate Your Application
Build and Push Docker Images with Go
Istio Service Mesh: A Beginners Guide
How to Perform a Git Force Pull
NodeJS Server using Core HTTP Module
How does bitwise ^ (XOR) work?
Introduction to Redux Saga
React Router Basics: Routing in a Single-page Application
How to send emails in C#/.NET using SMTP
How to create an EC2 Instance in AWS
How to use Git Cherry Pick
Password Security Best Practices & Compliance
Using PGP Encryption with Nodejs
Python basics in minutes
Automating Rest API's using Cucumber and Java
Bluetooth Controlled Arduino Car Miniature
AWS Services-Walkthrough
Beginners Guide to Tweepy
Introduction to Github APIs
Introduction to Android Studio
Login Screen - Tips and Ideas for Testing
Introduction to JAMstack
A Quick Look at the React Speech Recognition Hook
IoT and AI - The Perfect Match
A Simple CSS3 Accordion Tutorial
EternalBlue: A retrospective on one of the biggest Windows exploits ever
Setup a blog in minutes with Jekyll & Github
What is Kubernetes? - A Basic Guide
Why RPA is important for businesses
Best Hacking Tools
Three Ways to do CRUD Operations On Redis
Traversing the realms of Quantum Network
How to make a telegram bot
iOS App Development: How To Make Your First App
Apache Beam: A Basic Guide
Python Virtual Environment: What is it and how it works?
End-to-End Testing with Jest and Puppeteer
Speed Up Python Code
Build A Twitter Bot Using NodeJS
Visualizing Data using Leaflet and Netlify
STL Containers & Data Structures in C++
Secure Enclave in iOS App
Optimal clusters for KMeans Algorithm
Upload files using NodeJS + Multer
Class Activation Mapping in Deep Learning
Full data science pipeline implementation
HTML Email Concept
Blockchain: The new technology of trust
Vim: What is it and Why to use it?
Virtual Dispersive Networking
React Context API: What is it and How it works?
Breaking down the 'this' keyword in Javascript
Handling the Cheapest Fuel- Data
GitHub CLI Tool ⚒
Lazy loading in React
What is GraphQL? - A Basic Guide
Exceptions and Exception Handling in C#
Unit Testing: What is it and why do you need it?
Golang Maps - A Beginner’s Guide
LoginRadius Open Source For Hacktoberfest 2020
JWT Signing Algorithms
How to Render React with optimization
Ajax and XHR using plain JS
Using MongoDB as Datasource in GoLang
Understanding event loop in JavaScript
LoginRadius Supports Hacktoberfest 2020
How to implement Facebook Login
Production Grade Development using Docker-Compose
Web Workers: How to add multi-threading in JS
Angular State Management With NGXS
What's new in the go 1.15
Let’s Take A MEME Break!!!
PKCE: What it is and how to use it with OAuth 2.0
Big Data - Testing Strategy
Email Verification API (EVA)
Implement AntiXssMiddleware in .NET Core Web
Setting Up and Running Apache Kafka on Windows OS
Getting Started with OAuth 2.0
Best Practice Guide For Rest API Security | LoginRadius
Let's Write a JavaScript Library in ES6 using Webpack and Babel
Cross Domain Security
Best Free UI/UX Design Tools/Resources 2020
A journey from Node to GoLang
React Hooks: A Beginners Guide
DESIGN THINKING -A visual approach to understand user’s needs
Deep Dive into Container Security Scanning
Different ways to send an email with Golang
Snapshot testing using Nightwatch and mocha
Qualities of an agile development team
IAM, CIAM, and IDaaS - know the difference and terms used for them
How to obtain iOS application logs without Mac
Benefits and usages of Hosts File
React state management: What is it and why to use it?
HTTP Security Headers
Sonarqube: What it is and why to use it?
How to create and validate JSON Web Tokens in Deno
Cloud Cost Optimization in 2021
Service Mesh with Envoy
Kafka Streams: A stream processing guide
Self-Hosted MongoDB
Roadmap of idx-auto-tester
How to Build a PWA in Vanilla JS
Password hashing with NodeJS
Introduction of Idx-Auto-Tester
Twitter authentication with Go Language and Goth
Google OAuth2 Authentication in Golang
LinkedIn Login using Node JS and passport
Read and Write in a local file with Deno
Build A Simple CLI Tool using Deno
Create REST API using deno
Automation for Identity Experience Framework is now open-source !!!
Creating a Web Application using Deno
Hello world with Deno
Facebook authentication using NodeJS and PassportJS
StackExchange - The 8 best resources every developer must follow
OAuth implementation with Node.js and Github
NodeJS and MongoDB application authentication by JWT
Working with AWS Lambda and SQS
Google OAuth2 Authentication in NodeJS - A Guide to Implementing OAuth in Node.js
Custom Encoders in the Mongo Go Driver
React's Reconciliation Algorithm
NaN in JavaScript: An Essential Guide
SDK Version 10.0.0
Getting Started with gRPC - Part 1 Concepts
Introduction to Cross-Site Request Forgery (CSRF)
Introduction to Web Accessibility with Semantic HTML5
JavaScript Events: Bubbling, Capturing, and Propagation
3 Simple Ways to Secure Your Websites/Applications
Failover Systems and LoginRadius' 99.99% Uptime
A Bot Protection Overview
OAuth 1.0 VS OAuth 2.0
Azure AD as an Identity provider
How to Use JWT with OAuth
Let's Encrypt with SSL Certificates
Encryption, Hashing & Salting: Your Guide to Secure Data
What is JSON Web Token
Understanding JSONP
Using NuGet to publish .NET packages
How to configure the 'Actions on Google' console for Google Assistant
Creating a Google Hangout Bot with Express and Node.js
Understanding End Of Line: The Power of Newline Characters
Cocoapods : What It Is And How To Install?
Node Package Manager (NPM)
Get your FREE SSL Certificate!
jCenter Dependencies in Android Studio
Maven Dependency in Eclipse
Install Bootstrap with Bower
Open Source Business Email Validator By Loginradius
Know The Types of Website Popups and How to Create Them
Javascript tips and tricks to Optimize Performance
Learn How To Code Using The 10 Cool Websites
Personal Branding For Developers: Why and How?
Wordpress Custom Login Form Part 1
Is Your Database Secured? Think Again
Be More Manipulative with Underscore JS
Extended LinkedIn API Usage
Angular Roster Tutorial
How to Promise
Learning How to Code
Delete a Node, Is Same Tree, Move Zeroes
CSS/HTML Animated Dropdown Navigation
Part 2 - Creating a Custom Login Form
Website Authentication Protocols
Nim Game, Add Digits, Maximum Depth of Binary Tree
The truth about CSS preprocessors and how they can help you
Beginner's Guide for Sublime Text 3 Plugins
Displaying the LoginRadius interface in a pop-up
Optimize jQuery & Sizzle Element Selector
Maintain Test Cases in Excel Sheets
Separate Drupal Login Page for Admin and User
How to Get Email Alerts for Unhandled PHP Exceptions
ElasticSearch Analyzers for Emails
Social Media Solutions
Types of Authentication in Asp.Net
Using Facebook Graph API After Login
Hi, My Name is Darryl, and This is How I Work
Beginner's Guide for Sublime Text 3
Social Network Branding Guidelines
Index in MongoDB
How to ab-USE CSS2 sibling selectors
Customize User Login, Register and Forgot Password Page in Drupal 7
Best practice for reviewing QQ app
CSS3 Responsive Icons
Write a highly efficient python Web Crawler
Memcached Memory Management
HTML5 Limitation in Internet Explorer
What is an API
Styling Radio and Check buttons with CSS
Configuring Your Social Sharing Buttons
Shopify Embedded App
API Debugging Tools
Use PHP to generate filter portfolio
Password Security
Loading spinner using CSS
RDBMS vs NoSQL
Cloud storage vs Traditional storage
Getting Started with Phonegap
Animate the modal popup using CSS
CSS Responsive Grid, Re-imagined
An Intro to Curl & Fsockopen
Enqueuing Scripts in WordPress
How to Implement Facebook Social Login
GUID Query Through Mongo Shell
Integrating LinkedIn Social Login on a Website
Social Provider Social Sharing Troubleshooting Resources
Social Media Colors in Hex
W3C Validation: What is it and why to use it?
A Simple Popup Tutorial
Hello developers and designers!