Lapsus$ used compromised details to gain access to the network of Sitel, a well-known customer service company. Following this, they attained access to the internal systems of Okta, which is well known for its authentication services.
Two months after the initial attack, customers are only just finding out that they might have had data leaked and stolen. Okta recently published a full timeline of the entire incident and how they conducted themselves.
Their FAQ states that if you are a customer who might be compromised, you will have been contacted. Following this breach, their stock value dropped 9% and trust in the company has been lost.
David Bradbury, the chief security officer, has said: “Overall 2.5% of customers have been impacted with customers having no corrective actions to do themselves.”
Interestingly, the attackers posted screenshots of the attack, stating that the security wasn’t good enough and that they expected better. The main issue seems to have been outsourcing to a third party, in this case Sitel: their customer support engineer’s Okta account was compromised, giving access to some of Okta’s systems.
Okta could be fined over this breach, but as it has only just come to light, the governing body will not have finished its investigation. This does show that even with best practices, if there is a flaw in the security, someone will find a way in.